PT-2016-5176 · Hawk · Hawk

Hueniverse

Publicado

2016-04-13

Atualizado

2018-07-31

CVE-2016-2515

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Hawk versions prior to 3.1.3 Hawk versions 4.x prior to 4.1.1

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or partial outage, via a long header or URI that is matched against an improper regular expression. This is related to a regular expression denial of service vulnerability.

Recommendations Update to version 3.1.3 or later for Hawk versions prior to 3.1.3. Update to version 4.1.1 or later for Hawk versions 4.x prior to 4.1.1.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-1333

Identificadores relacionados

CVE-2016-2515

GHSA-JCPV-G9RR-QXRC

Produtos afetados

Hawk

PT-2016-5176 · Hawk · Hawk

CVE-2016-2515

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12