mailing list archives
CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 03 Oct 2011 12:02:59 +0200
Hello Josh, Steve, vendors,
a denial of service flaw was found in the way Polipo, a lightweight
caching web proxy, processed certain HTTP POST / PUT requests. If
polipo was configured to allow remote client connections and particular
host was allowed to connect to polipo server instance, a remote
attacker could use this flaw to cause denial of service (polipo daemon
abort due to assertion failure) via specially-crafted HTTP POST / PUT
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Jan Lieskovsky (Oct 03)