CVE-2009-0751 - OpenCVE

Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yaws	Yaws

Configuration 1 [-]

OR	cpe:2.3:a:yaws:yaws::::::::
	cpe:2.3:a:yaws:yaws:1.50:::::::*
	cpe:2.3:a:yaws:yaws:1.51:::::::*
	cpe:2.3:a:yaws:yaws:1.52:::::::*
	cpe:2.3:a:yaws:yaws:1.53:::::::*
	cpe:2.3:a:yaws:yaws:1.54:::::::*
	cpe:2.3:a:yaws:yaws:1.55:::::::*
	cpe:2.3:a:yaws:yaws:1.56:::::::*
	cpe:2.3:a:yaws:yaws:1.57:::::::*
	cpe:2.3:a:yaws:yaws:1.58:::::::*
	cpe:2.3:a:yaws:yaws:1.61:::::::*
	cpe:2.3:a:yaws:yaws:1.62:::::::*
	cpe:2.3:a:yaws:yaws:1.63:::::::*
	cpe:2.3:a:yaws:yaws:1.64:::::::*
	cpe:2.3:a:yaws:yaws:1.65:::::::*
	cpe:2.3:a:yaws:yaws:1.66:::::::*
	cpe:2.3:a:yaws:yaws:1.67:::::::*
	cpe:2.3:a:yaws:yaws:1.68:::::::*
	cpe:2.3:a:yaws:yaws:1.70:::::::*
	cpe:2.3:a:yaws:yaws:1.71:::::::*
	cpe:2.3:a:yaws:yaws:1.72:::::::*
	cpe:2.3:a:yaws:yaws:1.73:::::::*
	cpe:2.3:a:yaws:yaws:1.74:::::::*
	cpe:2.3:a:yaws:yaws:1.75:::::::*
	cpe:2.3:a:yaws:yaws:1.76:::::::*
	cpe:2.3:a:yaws:yaws:1.77:::::::*
	cpe:2.3:a:yaws:yaws:1.78:::::::*

References

Link	Resource
http://secunia.com/advisories/33979	Vendor Advisory
http://secunia.com/advisories/34239
http://www.debian.org/security/2009/dsa-1740
http://www.openwall.com/lists/oss-security/2009/02/19/1
http://www.securityfocus.com/bid/33834
http://www.vupen.com/english/advisories/2009/0590
http://yaws.hyber.org/	Vendor Advisory
https://www.exploit-db.com/exploits/8148

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-02T22:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2009-03-02T00:00:00

Link: CVE-2009-0751

JSON object: View

NVD Information

Status : Modified

Published: 2009-03-02T22:30:00.250

Modified: 2017-09-29T01:34:00.060

Link: CVE-2009-0751

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33979", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33979"}, {"name": "ADV-2009-0590", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0590"}, {"name": "[oss-security] 20090219 CVE request for yaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/02/19/1"}, {"name": "34239", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34239"}, {"name": "DSA-1740", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1740"}, {"name": "8148", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8148"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://yaws.hyber.org/"}, {"name": "33834", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33834"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0751", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33979", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33979"}, {"name": "ADV-2009-0590", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0590"}, {"name": "[oss-security] 20090219 CVE request for yaws", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/02/19/1"}, {"name": "34239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34239"}, {"name": "DSA-1740", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1740"}, {"name": "8148", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8148"}, {"name": "http://yaws.hyber.org/", "refsource": "CONFIRM", "url": "http://yaws.hyber.org/"}, {"name": "33834", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33834"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0751", "datePublished": "2009-03-02T22:00:00", "dateReserved": "2009-03-02T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*", "matchCriteriaId": "C46DD252-6005-4E5A-9D11-F3FBF6410453", "versionEndIncluding": "1.79", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "992B1D73-29BD-454E-B1A7-62B812D186C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "684FE8BF-66B0-4135-958F-E5198DF7CA6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "4AE18953-7DF2-4E14-9368-F51AE9B300B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*", "matchCriteriaId": "399F854C-C07E-42A8-B7E6-EED32DD4061E", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "DEC2C7DD-C87D-4FB5-B3E9-E6BE55D1CDAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "AAE09563-F7F2-4EE2-B97C-AF75F1884C39", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*", "matchCriteriaId": "BB429B9B-D2E9-4AAA-9EB6-CA9DBC82D64C", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*", "matchCriteriaId": "FBA1F732-E68A-4922-8B5B-D023E96EE21A", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*", "matchCriteriaId": "E1839141-82D5-4E88-8F28-EB26E97F1A0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*", "matchCriteriaId": "62B3E003-B9F6-4793-BA89-1F3E13B91B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "A1828466-3EAA-4B40-946A-B6400177155B", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*", "matchCriteriaId": "2C2DF037-3854-48AE-BBF7-087ADE80ED2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*", "matchCriteriaId": "4F394C56-A5C1-4616-B0B0-0EEC3AA0C864", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "42D1FC96-87A6-4C42-BDED-79DD462DD47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "AC1335E6-D02B-403C-9878-FED0095874AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*", "matchCriteriaId": "B5E253A0-BDC9-480B-8C2B-FE9C33F12F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*", "matchCriteriaId": "09CFB1DE-D860-438C-A9E7-A7372154925F", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*", "matchCriteriaId": "EE02B9FE-300B-4191-B623-0883BD69DE22", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*", "matchCriteriaId": "C55AF6B3-800C-4E80-8D2D-EF164C108004", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*", "matchCriteriaId": "206F051E-15E7-4CFD-A17A-47BBA4DB7D75", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "704FF671-C530-4000-9C15-B6CDB73EBE0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*", "matchCriteriaId": "DF5EBB06-F40A-4349-A6D8-6E43E64473CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*", "matchCriteriaId": "150881D1-84FC-4522-978D-FDE49297FE14", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*", "matchCriteriaId": "E60B04D6-6CA3-4D79-AFD3-B6426158A93F", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*", "matchCriteriaId": "D3ABEC8B-A76C-497C-9743-D9F5EE485657", "vulnerable": true}, {"criteria": "cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*", "matchCriteriaId": "D82781B6-6A56-4CBB-B620-D2FB3AB60558", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers."}, {"lang": "es", "value": "Vulnerabilidad en el servidor web Yaws en sus versiones anteriores a v1.30 que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de la memoria y ca\u00edda del servicio) a trav\u00e9s de peticiones con un gran n\u00famero de cabeceras."}], "id": "CVE-2009-0751", "lastModified": "2017-09-29T01:34:00.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-02T22:30:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33979"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34239"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1740"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/02/19/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33834"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0590"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://yaws.hyber.org/"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8148"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}