CVE-2004-2035
Published 2004-05-26
Priority P4 · 17 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.84% (88.8th percentile)
MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| minishare | minimal_http_server | — | — |
No detection rules found.
Exploit-DB
Shopware 5.2.5/5.3 - Cross-Site Scripting
exploitdb·2018-01-21·CVSS 6.1
CVE-2017-15374 [MEDIUM] Shopware 5.2.5/5.3 - Cross-Site Scripting
---
Document Title:
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1922
Shopware Security Tracking ID: SW-19834
Security Update:
http://community.shopware.com/Downloads_cat_448.html#5.3.4
http://community.shopware.com/_detail_2035.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15374
CVE-ID:
CVE-2017-15374
Release Date:
2017-09-05
Vulnerability Laboratory ID (VL-ID):
1922
Common Vulnerability Scoring System:
4.4
Vulnerability Class:
Cross Site Scripting - Persistent
Current Estimated Price:
1.000€ - 2.000€
Product & Service Introduction:
Shopware is a modular online shop system that is since 2004 developed in Germany
Exploit-DB
MiniShare 1.3.2 - Remote Denial of Service
exploitdb·2004-05-26
CVE-2004-2035 MiniShare 1.3.2 - Remote Denial of Service
---
source: https://www.securityfocus.com/bid/10417/info
MiniShare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests.
This issue will allow an attacker to cause the affected computer to stop responding, denying service to legitimate users.
GET:
1. GET /something HTTP/1.1
-
2. GET /something HTTP/1.1\n
-
HEAD:
1. HEAD /something HTTP/1.1
-
2. HEAD /something HTTP/1.1\n
-
No writeups or analysis indexed.
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021980.html
http://marc.info/?l=bugtraq&m=108563992129877&w=2
http://secunia.com/advisories/11715
http://sourceforge.net/project/shownotes.php?release_id=241158
http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt
http://www.osvdb.org/6432
http://www.securityfocus.com/bid/10417
https://exchange.xforce.ibmcloud.com/vulnerabilities/16260