akka HTTP DoS Vulnerability CVE-2017-1000118

Severity
CVSSv3 Score: 7.5

Vulnerability description

akka HTTP is prone to a denial of service vulnerability.

Risk description

Handling a request that carries an Accept header with an unsupported media range that starts with a wildcard but has a specific subtype (e.g. */boom) leads to a stack overflow during content type negotiation. By default, stack overflows are treated as fatal errors, so the JVM process shuts itself down immediately.

Recommendation

Update to version 10.0.6 or later.
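
An added example, not part of the original advisory or of the Akka project: a check that flags Accept media ranges with a wildcard type and a specific subtype, the shape named in the risk description, for log review or for a filter in front of a service that has not yet been updated. The function names and sample header values are constructed for illustration.

```python
import re

# RFC 7230 token characters (type and subtype of a media range).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_MEDIA_RANGE = re.compile(rf"^({_TOKEN})/({_TOKEN})$")

# Constructed sample header values, not captured traffic.
SAMPLES = [
    "text/html, application/json;q=0.9, */*;q=0.1",
    "text/*;q=0.5",
    "*/boom",
    'text/plain;note="a, */b", */boom;q=0.3',
]


def split_outside_quotes(value, sep):
    """Split on sep, ignoring separators inside quoted strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if in_quotes and not escaped and ch == "\\":
            escaped = True  # next character is a quoted-pair, not a delimiter
        else:
            if ch == '"' and not escaped:
                in_quotes = not in_quotes
            escaped = False
        if ch == sep and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def wildcard_type_ranges(accept_value):
    """Return media ranges shaped like */subtype (wildcard type, specific subtype)."""
    flagged = []
    for element in split_outside_quotes(accept_value, ","):
        pieces = split_outside_quotes(element, ";")  # pieces[0] is the range, rest are parameters
        match = _MEDIA_RANGE.match(pieces[0]) if pieces else None
        if match and match.group(1) == "*" and match.group(2) != "*":
            flagged.append(pieces[0])
    return flagged


if __name__ == "__main__":
    for value in SAMPLES:
        print(wildcard_type_ranges(value), "<-", value)
```

The valid wildcard forms `*/*` and `type/*` are not flagged, and a `*/b` that appears only inside a quoted parameter value is ignored.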

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 5, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available