CVE-2018-16789 - OpenCVE

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Shellinabox Project	Shellinabox

Configuration 1 [-]

cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2018/Oct/50
https://code.google.com/archive/p/shellinabox/issues
https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T18:36:51

Updated: 2024-08-05T10:32:53.996Z

Reserved: 2018-09-09T00:00:00

Link: CVE-2018-16789

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-21T16:00:22.547

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-16789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-17T18:36:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2018/Oct/50"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/archive/p/shellinabox/issues"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html"}, {"name": "http://seclists.org/fulldisclosure/2018/Oct/50", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2018/Oct/50"}, {"name": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361", "refsource": "CONFIRM", "url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361"}, {"name": "https://code.google.com/archive/p/shellinabox/issues", "refsource": "CONFIRM", "url": "https://code.google.com/archive/p/shellinabox/issues"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:32:53.996Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Oct/50"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/archive/p/shellinabox/issues"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16789", "datePublished": "2019-03-17T18:36:51", "dateReserved": "2018-09-09T00:00:00", "dateUpdated": "2024-08-05T10:32:53.996Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFFFB3E-F099-463A-8799-4CC308058240", "versionEndIncluding": "2.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down."}, {"lang": "es", "value": "libhttp/url.c en shellinabox, hasta la versi\u00f3n 2.20, tiene un error de implementaci\u00f3n en la l\u00f3gica de an\u00e1lisis de peticiones HTTP. Mediante el env\u00edo de una petici\u00f3n HTTP multipart/form-data manipulada, un atacante podr\u00eda explotar esto para forzar a shellinaboxd a entrar en un bucle infinito, agotando los recursos de la CPU disponibles y provocando la ca\u00edda del servicio."}], "id": "CVE-2018-16789", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:00:22.547", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Oct/50"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://code.google.com/archive/p/shellinabox/issues"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}