PT-2018-6164 · Unknown · Method-Override
Published
2018-06-07
·
Updated
2019-10-09
·
CVE-2017-16136
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
method-override versions prior to 2.3.10
Description:
The issue concerns a regular expression denial of service vulnerability. It occurs when specially crafted input is passed to be parsed via the
X-HTTP-Method-Override header. This can happen when untrusted user input is passed into this header.Recommendations:
Update to version 2.3.10 or later. As a temporary workaround, consider restricting the use of the
X-HTTP-Method-Override header to minimize the risk of exploitation.Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Method-Override