Vulnerabilities > CVE-2011-3596 - Reachable Assertion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
polipo-project
debian
CWE-617
nessus
exploit available

Summary

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPolipo 1.0.4.1 POST/PUT Requests HTTP Header Processing Denial Of Service Vulnerability. CVE-2011-3596. Dos exploits for multiple platform
idEDB-ID:36198
last seen2016-02-04
modified2011-10-01
published2011-10-01
reporterUsman Saeed
sourcehttps://www.exploit-db.com/download/36198/
titlePolipo 1.0.4.1 POST/PUT Requests HTTP Header Processing Denial Of Service Vulnerability

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0840.NASL
    description - add daily cache cleanup - fix missing creation of /var/run directory (bz #755198) - make sure log directory context is set correctly (bz #741779) - fix denial of service vulnerability CVE-2011-3596 (bz #742897) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-02
    plugin id57783
    published2012-02-02
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57783
    titleFedora 16 : polipo-1.0.4.1-6.fc16 (2012-0840)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0849.NASL
    description - add daily cache cleanup - fix missing creation of /var/run directory (bz #755198) - make sure log directory context is set correctly (bz #741779) - fix denial of service vulnerability CVE-2011-3596 (bz #742897) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-02
    plugin id57784
    published2012-02-02
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57784
    titleFedora 15 : polipo-1.0.4.1-6.fc15 (2012-0849)