Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0927

CWE-3994 documents4 sources
Severity
5.0MEDIUM
EPSS
77.1%
top 1.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows-nt
Timeline
PublishedApr 14
Latest updateMay 1

Description

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/windows-nt2000, 2003+1

🔴Vulnerability Details

2
GHSA
GHSA-m2pj-fhfv-4fq7: dhost2022-05-01
CVEList
CVE-2008-0927: dhost2008-04-14

💥Exploits & PoCs

1
Exploit-DB
Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service2008-05-05
CVE-2008-0927 (MEDIUM CVSS 5) | dhost.exe in Novell eDirectory 8.7. | cvebase.io