CVE-2016-9564

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-9564
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r Exploit Technical Description URL Repurposed
http://www.securityfocus.com/bid/94599
Configurations

Configuration 1 (hide)

cpe:2.3:a:boa:boa:0.92r:*:*:*:*:*:*:*
History

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r - Exploit, Technical Description () http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r - Exploit, Technical Description, URL Repurposed
Information

Published : 2016-11-30 11:59

Updated : 2024-02-14 01:17

NVD link : CVE-2016-9564

Mitre link : CVE-2016-9564

CVE.ORG link : CVE-2016-9564

JSON object : View

Products Affected

boa

  • boa
CWE
CWE-20

Improper Input Validation