PT-2025-13029 · Unknown · Zhangyd-C Oneblog
S1Mple_Xy · Published 2025-03-27 · Updated 2025-03-27 · CVE-2025-2833
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
zhangyd-c OneBlog versions up to 2.3.9
Description
A vulnerability was found in the HTTP Header Handler component of zhangyd-c OneBlog. Manipulation of the X-Forwarded-For header value leads to inefficient regular expression complexity (resource exhaustion / denial of service), and the attack can be carried out remotely.
Recommendations
For versions up to 2.3.9, consider restricting access to the HTTP Header Handler component until a patch is available.
As a temporary workaround, avoid using the X-Forwarded-For argument in the affected HTTP Header Handler component until the issue is resolved.
Fix
Resource Exhaustion
DoS
Related Identifiers
Affected Products
Zhangyd-C Oneblog