PT-2017-8644 · Ws-Xmlrpc · Ws-Xmlrpc

0Ang3El · Published 2017-06-06 · Updated 2022-05-17 · CVE-2016-5004

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ws-xmlrpc version 3.1.3

Description

The issue allows remote attackers to cause a denial of service by decompressing a large file containing zeroes, exploiting the Content-Encoding HTTP header feature.

Recommendations

For ws-xmlrpc version 3.1.3, consider disabling the Content-Encoding HTTP header feature as a temporary workaround until a patch is available. Restrict access to large files to minimize the risk of exploitation.
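
Where the Content-Encoding feature has to stay enabled, the general mitigation for this class of issue is to cap the decompressed size while reading. The following is an added example, not code from ws-xmlrpc or from this advisory; it assumes the encoding is gzip, and the class name `BoundedGzip`, the helper names and the 1 MiB cap are hypothetical.

```java
import java.io.*;
import java.util.zip.*;

// Added example: hypothetical class and cap, not part of ws-xmlrpc.
public class BoundedGzip {
    static final long MAX_DECOMPRESSED_BYTES = 1L << 20; // assumed 1 MiB limit

    /** Inflates a gzip body, aborting as soon as the output exceeds maxBytes. */
    static byte[] inflate(InputStream compressed, long maxBytes) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long total = 0;
        try (GZIPInputStream gz = new GZIPInputStream(compressed)) {
            int n;
            while ((n = gz.read(buf)) != -1) {
                total += n;
                if (total > maxBytes) {
                    // Stop before buffering more: memory and CPU stay bounded by maxBytes.
                    throw new IOException("decompressed body exceeds " + maxBytes + " bytes");
                }
                out.write(buf, 0, n);
            }
        }
        return out.toByteArray();
    }

    // Constructed sample input: `size` zero bytes, gzip-compressed.
    static byte[] gzipZeros(int size) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(bos)) {
            byte[] chunk = new byte[65536];
            for (int written = 0; written < size; written += chunk.length) {
                gz.write(chunk, 0, Math.min(chunk.length, size - written));
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] small = gzipZeros(4096);
        byte[] ok = inflate(new ByteArrayInputStream(small), MAX_DECOMPRESSED_BYTES);
        System.out.println("small body inflated to " + ok.length + " bytes");
        byte[] large = gzipZeros(64 * 1024 * 1024); // 64 MiB of zeroes
        System.out.println("large body on the wire: " + large.length + " bytes");
        try {
            inflate(new ByteArrayInputStream(large), MAX_DECOMPRESSED_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The limit is enforced on the decompressed byte count, not on the request's Content-Length, because the compressed body of a zero-filled file is far smaller than what it expands to.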

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related identifiers

CVE-2016-5004
GHSA-R2PG-W96P-PCPJ

Affected products

Ws-Xmlrpc