HomePentest-Tools.com Logo

H2O HTTP Server Format String Vulnerability CVE-2016-4864

Severity
CVSSv3 Score
7.5
Vulnerability description

H2O HTTP Server is prone to a format string vulnerability.

Risk description

A format string vulnerability exists in H2O, that can be used by remote attackers to mount Denial-of-Service attacks. Users using one of the handlers (fastcgi, mruby, proxy, redirect, reproxy) of H2O may be affected by the issue. An unauthenticated remote attacker may cause a denial of service condition.

Recommendation

Update to version 2.0.4, 2.1.0-beta3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 12, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available