Lucene search
Veracode Vulnerability DatabaseVERACODE:32799HistoryNov 04, 2021 - 6:15 a.m.
Denial Of Service (DoS)
2021-11-0406:15:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
akka-http-core
denial of service
user-agent header
remote attacker
vulnerable parser component
EPSS
0.066
Percentile
93.9%
akka-http-core is vulnerable to Denial of Service (DoS). A remote attacker is able to crash the application via a specifically crafted user-Agent header with deeply nested comments directed through vulnerable parser component.
References
packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html
akka.io/blog/
akka.io/blog/news/2021/11/02/akka-http-10.2.7-released
akka.io/blog/news/2021/11/22/akka-http-10.1.15-released
doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html
github.com/akka/akka-http/commit/6fd3c0dc2d9dc979bdc99395f39ec42e733011e4
github.com/akka/akka-http/issues/3918
Related
osv
osv
CVE-2021-42697
2021-11-02 22:15:08
Uncontrolled Recursion in Akka HTTP
2022-05-24 19:19:40
zdt
zdt
Akka HTTP 10.1.14 - Denial of Service Exploit
2022-05-11 00:00:00
cvelist
cvelist
CVE-2021-42697
2021-11-02 21:44:54
github
github
Uncontrolled Recursion in Akka HTTP
2022-05-24 19:19:40
githubexploit
githubexploit
Exploit for Uncontrolled Recursion in Akka Http Server
2022-04-24 05:51:24
packetstorm
packetstorm
Akka HTTP 10.1.14 Denial Of Service
2022-05-11 00:00:00
prion
prion
Design/Logic Flaw
2021-11-02 22:15:00
nvd
nvd
CVE-2021-42697
2021-11-02 22:15:08
cve
cve
CVE-2021-42697
2021-11-02 22:15:08
exploitdb
exploitdb
Akka HTTP 10.1.14 - Denial of Service
2022-05-11 00:00:00
openvas
openvas
Akka HTTP < 10.2.7 DoS Vulnerability
2021-11-05 00:00:00