CVE-2018-16789

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Configurations

Configuration 1 (hide)

cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 16:00

Updated : 2024-02-28 17:08


NVD link : CVE-2018-16789

Mitre link : CVE-2018-16789

CVE.ORG link : CVE-2018-16789


JSON object : View

Products Affected

shellinabox_project

  • shellinabox
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')