CVE-2010-2435
published 2010-06-24
CVE-2010-2435: Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and…
Priority P428 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 6.47% (92.9th percentile)
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | weborf | < weborf 0.12.2-1 (bookworm) | weborf 0.12.2-1 (bookworm) |
| salvo_tomaselli | weborf_http_server | <= 0.12.1 | — |
| salvo_tomaselli | weborf_http_server | — | — |
| salvo_tomaselli | weborf_http_server | — | — |
| salvo_tomaselli | weborf_http_server | — | — |
| weborf | weborf | >= 0 < 0.12.2-1 | 0.12.2-1 |
| weborf | weborf | >= 0 < 0.12.2-1 | 0.12.2-1 |
| weborf | weborf | >= 0 < 0.12.2-1 | 0.12.2-1 |
| weborf | weborf | >= 0 < 0.12.2-1 | 0.12.2-1 |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 MEDIUM
vendor_debian · 5.0 MEDIUM
GHSA
GHSA-qxf4-6479-8vm5: Weborf HTTP Server 0
ghsa_unreviewed·2022-05-14
CVE-2010-2435 [MEDIUM] CWE-20 GHSA-qxf4-6479-8vm5: Weborf HTTP Server 0
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
OSV
CVE-2010-2435: Weborf HTTP Server 0
osv·2010-06-24·CVSS 5.0
CVE-2010-2435 [MEDIUM] CVE-2010-2435: Weborf HTTP Server 0
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
Debian
CVE-2010-2435: weborf - Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial ...
vendor_debian·2010·CVSS 5.0
CVE-2010-2435 [MEDIUM] CVE-2010-2435: weborf - Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial ...
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
Scope: local
bookworm: resolved (fixed in 0.12.2-1)
bullseye: resolved (fixed in 0.12.2-1)
forky: resolved (fixed in 0.12.2-1)
sid: resolved (fixed in 0.12.2-1)
trixie: resolved (fixed in 0.12.2-1)
No detection rules found.
No writeups or analysis indexed.
http://freshmeat.net/projects/weborf/releases/318531
http://secunia.com/advisories/40322
http://www.securityfocus.com/archive/1/511953/100/0/threaded
http://www.securityfocus.com/bid/41064
Published: 2010-06-24