CVE-2009-0751
First published: Mon Mar 02 2009(Updated: )
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yaws Yaws | =1.71 | |
| Yaws Yaws | =1.61 | |
| Yaws Yaws | =1.73 | |
| Yaws Yaws | =1.65 | |
| Yaws Yaws | <=1.79 | |
| Yaws Yaws | =1.57 | |
| Yaws Yaws | =1.76 | |
| Yaws Yaws | =1.68 | |
| Yaws Yaws | =1.70 | |
| Yaws Yaws | =1.74 | |
| Yaws Yaws | =1.53 | |
| Yaws Yaws | =1.77 | |
| Yaws Yaws | =1.66 | |
| Yaws Yaws | =1.67 | |
| Yaws Yaws | =1.54 | |
| Yaws Yaws | =1.52 | |
| Yaws Yaws | =1.50 | |
| Yaws Yaws | =1.51 | |
| Yaws Yaws | =1.62 | |
| Yaws Yaws | =1.78 | |
| Yaws Yaws | =1.58 | |
| Yaws Yaws | =1.72 | |
| Yaws Yaws | =1.56 | |
| Yaws Yaws | =1.63 | |
| Yaws Yaws | =1.64 | |
| Yaws Yaws | =1.75 | |
| Yaws Yaws | =1.55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/33979
- http://www.openwall.com/lists/oss-security/2009/02/19/1
- http://yaws.hyber.org/
- http://www.securityfocus.com/bid/33834
- http://www.debian.org/security/2009/dsa-1740
- http://secunia.com/advisories/34239
- http://www.vupen.com/english/advisories/2009/0590
- https://www.exploit-db.com/exploits/8148
Frequently Asked Questions
What is the severity of CVE-2009-0751?
CVE-2009-0751 has a moderate severity level due to its potential to cause denial of service through memory consumption.
How do I fix CVE-2009-0751?
To fix CVE-2009-0751, upgrade Yaws to version 1.80 or later, which addresses this vulnerability.
Who is affected by CVE-2009-0751?
CVE-2009-0751 affects Yaws versions 1.79 and earlier, making those installations vulnerable to denial of service attacks.
What type of vulnerability is CVE-2009-0751?
CVE-2009-0751 is a denial of service vulnerability that arises from handling requests with an excessive number of headers.
Can CVE-2009-0751 be exploited remotely?
Yes, CVE-2009-0751 can be exploited remotely by attackers sending specifically crafted requests to the affected server.
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/yaws
- canonical/yaws yaws
- version/yaws yaws/1.71
- version/yaws yaws/1.61
- version/yaws yaws/1.73
- version/yaws yaws/1.65
- version/yaws yaws/1.79
- version/yaws yaws/1.57
- version/yaws yaws/1.76
- version/yaws yaws/1.68
- version/yaws yaws/1.70
- version/yaws yaws/1.74
- version/yaws yaws/1.53
- version/yaws yaws/1.77
- version/yaws yaws/1.66
- version/yaws yaws/1.67
- version/yaws yaws/1.54
- version/yaws yaws/1.52
- version/yaws yaws/1.50
- version/yaws yaws/1.51
- version/yaws yaws/1.62
- version/yaws yaws/1.78
- version/yaws yaws/1.58
- version/yaws yaws/1.72
- version/yaws yaws/1.56
- version/yaws yaws/1.63
- version/yaws yaws/1.64
- version/yaws yaws/1.75
- version/yaws yaws/1.55