oss-sec mailing list archives
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2
From: cve-assign () mitre org
Date: Sat, 18 Jan 2014 06:16:10 -0500 (EST)
Affected software: cxxtools
Description: By sending a crafted HTTP query parameter containing two percent signs in a row, URL parsing would enter an infinite recursive loop, leading to a crash. This allows a remote attacker to DOS the server.
Affected versions: current releases (<= 2.2)
Fixed in version: 2.2.1
Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown
Use CVE-2013-7298.
Affected software: Tntnet
Description: By sending a crafted HTTP request that uses "\n" to end its headers instead of the expected "\r\n", it is possible that headers from a previous unrelated request will seemingly be appended to the crafted request (due to a missing null termination). This allows a remote attacker to use sensitive headers from other users' requests in their own requests, such as cookies or HTTP authentication credentials.
Affected versions: current releases (<= 2.2)
Fixed in version: 2.2.1
Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4
Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown
Use CVE-2013-7299.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
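For the cxxtools item above (CVE-2013-7298), the following is an added illustration, not code from cxxtools or from the linked fix, of a query-string decoder that cannot recurse or loop on malformed escapes such as "%%". The names `hexval`, `percent_decode` and `parse_query` are hypothetical, and passing a malformed escape through literally is an assumed policy; rejecting the request is an equally valid choice.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Value of one hex digit, or -1 if the byte is not a hex digit.
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode one component in a single forward pass. Each iteration consumes at
// least one byte, so work is linear in the input and stack depth is constant.
std::string percent_decode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ) {
        unsigned char c = in[i];
        if (c == '%' && i + 2 < in.size()) {
            int hi = hexval(in[i + 1]), lo = hexval(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                out.push_back(static_cast<char>(hi * 16 + lo));
                i += 3;
                continue;
            }
        }
        // Malformed or truncated escape ("%%", "%4", "%zz"): keep the byte
        // literally; a following '%' is examined on its own iteration.
        out.push_back(c == '+' ? ' ' : static_cast<char>(c));
        ++i;
    }
    return out;
}

// Split "k=v&k2=v2" and decode both sides; the last duplicate key wins.
std::map<std::string, std::string> parse_query(const std::string& q) {
    std::map<std::string, std::string> params;
    for (std::size_t pos = 0; pos < q.size(); ) {
        std::size_t amp = q.find('&', pos);
        if (amp == std::string::npos) amp = q.size();
        std::string pair = q.substr(pos, amp - pos);
        std::size_t eq = pair.find('=');
        if (!pair.empty())
            params[percent_decode(pair.substr(0, eq))] =
                eq == std::string::npos ? std::string() : percent_decode(pair.substr(eq + 1));
        pos = amp + 1;
    }
    return params;
}
```

A regression test for a parser of this kind should include doubled, truncated and non-hex escapes as well as a long run of '%' bytes, since those are the inputs that expose unbounded recursion.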