CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16789 – Shell In A Box 2.2.0 Denial Of Service
https://notcve.org/view.php?id=CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. libhttp/url.c en shellinabox, hasta la versión 2.20, tiene un error de implementación en la lógica de análisis de peticiones HTTP. Mediante el envío de una petición HTTP multipart/form-data manipulada, un atacante podría explotar esto para forzar a shellinaboxd a entrar en un bucle infinito, agotando los recursos de la CPU disponibles y provocando la caída del servicio. Shell In A Box versions 2.2.0 and below suffer from an infinite loop denial of service vulnerability. • http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html http://seclists.org/fulldisclosure/2018/Oct/50 https://code.google.com/archive/p/shellinabox/issues https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8400
https://notcve.org/view.php?id=CVE-2015-8400
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. La implementación de retorno de HTTPS en Shell In A Box (también conocido como shellinabox) en versiones anteriores a 2.19 hace que sea mas fácil para atacantes remotos llevar a cabo ataques de revinculación DNS a través de la URL "/plain". • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175117.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175224.html http://www.openwall.com/lists/oss-security/2015/12/02/6 http://www.openwall.com/lists/oss-security/2015/12/02/7 https://github.com/shellinabox/shellinabox/issues/355 https://github.com/shellinabox/shellinabox/releases/tag/v2.19 • CWE-254: 7PK - Security Features •