{ "id": "CVE-2009-0751", "sourceIdentifier": "cve@mitre.org", "published": "2009-03-02T22:30:00.250", "lastModified": "2024-11-21T01:00:50.100", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers." }, { "lang": "es", "value": "Vulnerabilidad en el servidor web Yaws en sus versiones anteriores a v1.30 que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de la memoria y ca\u00edda del servicio) a trav\u00e9s de peticiones con un gran n\u00famero de cabeceras." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.79", "matchCriteriaId": "C46DD252-6005-4E5A-9D11-F3FBF6410453" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "992B1D73-29BD-454E-B1A7-62B812D186C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "684FE8BF-66B0-4135-958F-E5198DF7CA6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "4AE18953-7DF2-4E14-9368-F51AE9B300B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*", "matchCriteriaId": "399F854C-C07E-42A8-B7E6-EED32DD4061E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "DEC2C7DD-C87D-4FB5-B3E9-E6BE55D1CDAE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "AAE09563-F7F2-4EE2-B97C-AF75F1884C39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*", "matchCriteriaId": "BB429B9B-D2E9-4AAA-9EB6-CA9DBC82D64C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*", "matchCriteriaId": "FBA1F732-E68A-4922-8B5B-D023E96EE21A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*", "matchCriteriaId": "E1839141-82D5-4E88-8F28-EB26E97F1A0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*", "matchCriteriaId": "62B3E003-B9F6-4793-BA89-1F3E13B91B7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "A1828466-3EAA-4B40-946A-B6400177155B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*", "matchCriteriaId": "2C2DF037-3854-48AE-BBF7-087ADE80ED2E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*", "matchCriteriaId": "4F394C56-A5C1-4616-B0B0-0EEC3AA0C864" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "42D1FC96-87A6-4C42-BDED-79DD462DD47A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "AC1335E6-D02B-403C-9878-FED0095874AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*", "matchCriteriaId": "B5E253A0-BDC9-480B-8C2B-FE9C33F12F84" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*", "matchCriteriaId": "09CFB1DE-D860-438C-A9E7-A7372154925F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*", "matchCriteriaId": "EE02B9FE-300B-4191-B623-0883BD69DE22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*", "matchCriteriaId": "C55AF6B3-800C-4E80-8D2D-EF164C108004" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*", "matchCriteriaId": "206F051E-15E7-4CFD-A17A-47BBA4DB7D75" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "704FF671-C530-4000-9C15-B6CDB73EBE0D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*", "matchCriteriaId": "DF5EBB06-F40A-4349-A6D8-6E43E64473CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*", "matchCriteriaId": "150881D1-84FC-4522-978D-FDE49297FE14" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*", "matchCriteriaId": "E60B04D6-6CA3-4D79-AFD3-B6426158A93F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*", "matchCriteriaId": "D3ABEC8B-A76C-497C-9743-D9F5EE485657" }, { "vulnerable": true, "criteria": "cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*", "matchCriteriaId": "D82781B6-6A56-4CBB-B620-D2FB3AB60558" } ] } ] } ], "references": [ { "url": "http://secunia.com/advisories/33979", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/34239", "source": "cve@mitre.org" }, { "url": "http://www.debian.org/security/2009/dsa-1740", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2009/02/19/1", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/33834", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2009/0590", "source": "cve@mitre.org" }, { "url": "http://yaws.hyber.org/", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.exploit-db.com/exploits/8148", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/33979", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/34239", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.debian.org/security/2009/dsa-1740", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.openwall.com/lists/oss-security/2009/02/19/1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/33834", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2009/0590", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://yaws.hyber.org/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.exploit-db.com/exploits/8148", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }