CVE-2018-25193
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cesanta | Mongoose Web Server | 6.9 | affected |
Weaknesses
- CWE-1188: Initialization of a Resource with an Insecure Default
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/45819
- https://www.vulncheck.com/advisories/mongoose-web-server-denial-of-service-via-socket-connection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.