CVE-2011-3918
Published 2012-10-07
Priority P336 · high · 7.8 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 1.35% (68.1th percentile)
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| — | android | <= 4.0.3 | — |
No detection rules found.
Exploit-DB
Android Zygote - Socket and Fork Bomb (Denial of Service)
exploitdb·2013-10-14·CVSS 7.8
---
################# BootReceiver.java ##################
/**
* Android Application that performs the fork bomb attack http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3918
*
* Further informations can be found at http://www.ai-lab.it/bugAndroid/bugAndroid.html
*
*
* @author Luca Verderame
* @version 1.0
*
* Copyright 2012 Luca Verderame
*
* This file is part of ZygoteVulnerability.
ZygoteVulnerability is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
ZygoteVulnerability is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY
Exploit-DB
Oracle HTTP Server - Cross-Site Scripting Header Injection
exploitdb·2011-06-13·CVSS 4.3
---
Oracle HTTP Server XSS Header Injection
# Attack Pattern ID : CAPEC-86
# CWE ID : CI-79
# OWASP IDs : A1-Injections, A2-Cross Site Scripting (XSS)
# CVE ID : not yet
# Related CVEs : CVE-2006-3918, CVE-2007-0275
# A.K.A : Unfiltered Header Injection
# Product Type : Application
# Vendor : Oracle Corporation
# Product : Oracle HTTP Server for Oracle Application Server 10g
# Vulnerable Versions: 10.1.2.0.2
# Probably Vulnerable: (not tested) 10.1.2.0.0, 9.0.4.3.0, 9.0.4.2.0, 9.0.4.1.0, 9.0.4.0.0
# Severity : Medium
# Tested on : Linux, Windows Server 2003
# Download link : http://www.oracle.com/technetwork/middleware/ias/downloads/101201se-090616.html
# Date : 12/06/2011
# Google Dork : allintitle:"Oracle HTTP Server -"
[-] Cre
http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf
https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b