CVE-2009-0751 - Resource Management Errors vulnerability in Yaws
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Yaws | 27 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit. CVE-2009-0751. Dos exploits for multiple platform |
file | exploits/multiple/dos/8148.pl |
id | EDB-ID:8148 |
last seen | 2016-02-01 |
modified | 2009-03-03 |
platform | multiple |
port | |
published | 2009-03-03 |
reporter | Praveen Darshanam |
source | https://www.exploit-db.com/download/8148/ |
title | Yaws < 1.80 multiple headers Remote Denial of Service Exploit |
type | dos |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1740.NASL |
description | It was discovered that yaws, a high performance HTTP 1.1 webserver, is prone to a denial of service attack via a request with a large HTTP header. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35924 |
published | 2009-03-16 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35924 |
title | Debian DSA-1740-1 : yaws - denial of service |
code | |
Packetstorm
data source | https://packetstormsecurity.com/files/download/75404/yaws-dos.txt |
id | PACKETSTORM:75404 |
last seen | 2016-12-05 |
published | 2009-03-05 |
reporter | Praveen Darshanam |
source | https://packetstormsecurity.com/files/75404/Yaws-Denial-Of-Service.html |
title | Yaws Denial Of Service |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:66333 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-66333 |
title | Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:17873 |
last seen | 2017-11-19 |
modified | 2009-03-03 |
published | 2009-03-03 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-17873 |
title | Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit |
References
- http://secunia.com/advisories/33979
- http://secunia.com/advisories/34239
- http://www.debian.org/security/2009/dsa-1740
- http://www.openwall.com/lists/oss-security/2009/02/19/1
- http://www.securityfocus.com/bid/33834
- http://www.vupen.com/english/advisories/2009/0590
- http://yaws.hyber.org/
- https://www.exploit-db.com/exploits/8148