PT-2016-5176 · Hawk · Hawk

Hueniverse

Published

2016-04-13

Updated

2018-07-31

CVE-2016-2515

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Hawk versions prior to 3.1.3 Hawk versions 4.x prior to 4.1.1

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or partial outage, via a long header or URI that is matched against an improper regular expression. This is related to a regular expression denial of service vulnerability.

Recommendations Update to version 3.1.3 or later for Hawk versions prior to 3.1.3. Update to version 4.1.1 or later for Hawk versions 4.x prior to 4.1.1.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-1333

Related Identifiers

CVE-2016-2515

GHSA-JCPV-G9RR-QXRC

Affected Products

Hawk

PT-2016-5176 · Hawk · Hawk

CVE-2016-2515

Weakness Enumeration

Related Identifiers

Affected Products

References · 12