
Akka HTTP < 10.2.7 DoS Vulnerability CVE-2018-16131

Severity: CVSSv3 score 7.5
Vulnerability description

Akka HTTP is prone to a remotely triggerable denial of service (DoS) caused by a stack overflow in its HTTP header parser.

Risk description

The HTTP specification (RFC 7230, section 3.2.6) allows arbitrary nesting of comment elements in the User-Agent header and in other headers whose grammar admits comments. While parsing a request whose User-Agent header contains deeply nested comments, the Akka HTTP parser may fail with a stack overflow. Akka treats a stack overflow as a fatal error, so the failure brings down the whole application rather than just the offending connection. An Akka HTTP server exposed to the internet can therefore be crashed remotely, without authentication, by a single request carrying a crafted User-Agent header, resulting in a loss of availability.
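The failure mode above is a property of any recursive-descent parser that follows the comment grammar literally: one stack frame per "(", with no bound other than the size of the request. The following Python model, added here as an illustration and not code from Akka HTTP, parses the RFC 7230 comment production two ways, once without a nesting limit (which exhausts the stack on hostile input, the analogue of the JVM StackOverflowError the advisory describes) and once with a fixed maximum depth that turns the same input into a rejectable parse error. The header values, the depth limit of 16 and the function names are constructed for the example.

```python
# Toy model of RFC 7230 section 3.2.6 comment parsing (added example,
# not the Akka HTTP parser). Grammar being modelled:
#   comment     = "(" *( ctext / quoted-pair / comment ) ")"
#   quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
# Nesting is unbounded in the grammar, so a parser that follows it
# literally recurses once per "(" and is only as deep as its stack.


class CommentTooDeep(ValueError):
    """Raised by the hardened parser when nesting exceeds the limit."""


def parse_comment_naive(s, i=0):
    """Parse one comment starting at s[i] == "(".

    Returns (max_nesting_depth, index_after_closing_paren). Recurses with
    no bound: deeply nested input raises RecursionError here, the Python
    counterpart of the stack overflow described in the advisory.
    """
    if s[i] != "(":
        raise ValueError("comment must start with '('")
    i += 1
    depth = 1
    while i < len(s):
        c = s[i]
        if c == "\\":                      # quoted-pair: skip escaped byte
            i += 2
        elif c == "(":                     # nested comment: recurse
            inner, i = parse_comment_naive(s, i)
            depth = max(depth, inner + 1)
        elif c == ")":
            return depth, i + 1
        else:                              # ctext
            i += 1
    raise ValueError("unterminated comment")


def parse_comment_bounded(s, i=0, max_depth=16, _depth=1):
    """Same grammar, but refuses to recurse past max_depth, so the
    worst-case stack use is fixed regardless of the request size."""
    if s[i] != "(":
        raise ValueError("comment must start with '('")
    if _depth > max_depth:
        raise CommentTooDeep(f"comment nested deeper than {max_depth}")
    i += 1
    depth = _depth
    while i < len(s):
        c = s[i]
        if c == "\\":
            i += 2
        elif c == "(":
            inner, i = parse_comment_bounded(s, i, max_depth, _depth + 1)
            depth = max(depth, inner)
        elif c == ")":
            return depth, i + 1
        else:
            i += 1
    raise ValueError("unterminated comment")


def nested_user_agent(n):
    """Constructed User-Agent value with n nested comments."""
    return "Mozilla/5.0 " + "(" * n + "probe" + ")" * n


def comment_depths(header_value, parser=parse_comment_bounded):
    """Walk a User-Agent value and return the nesting depth of each
    comment; product tokens are skipped. With the naive parser this
    raises RecursionError on hostile input, with the bounded parser it
    raises CommentTooDeep, which a server can map to a 400 response."""
    depths, i = [], 0
    while i < len(header_value):
        if header_value[i] == "(":
            d, i = parser(header_value, i)
            depths.append(d)
        else:
            i += 1
    return depths


def probe(header_value, max_depth=16):
    """Run both parsers on one header value and report what each does."""
    try:
        comment_depths(header_value, parse_comment_naive)
        naive = "parsed"
    except RecursionError:
        naive = "stack-exhausted"
    try:
        comment_depths(header_value,
                       lambda s, i: parse_comment_bounded(s, i, max_depth))
        bounded = "parsed"
    except CommentTooDeep:
        bounded = "rejected"
    return naive, bounded


if __name__ == "__main__":
    print(comment_depths("Mozilla/5.0 (X11; Linux) (a (b (c)))"))
    for n in (8, 50, 20000):
        print(n, probe(nested_user_agent(n)))
```

The bounded parser checks the depth before it recurses, so the rejection costs a fixed number of frames; checking after recursing would still let the attacker choose the stack depth. A depth of 16 is far above anything a legitimate User-Agent carries, and the same limit should apply to every header whose grammar admits comments, not only User-Agent.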

Recommendation

Update Akka HTTP to version 10.2.7 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 30, 2018
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available