Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 03 Oct 2011 12:02:59 +0200

Hello Josh, Steve, vendors,

  a denial of service flaw was found in the way Polipo, a lightweight
caching web proxy, processed certain HTTP POST / PUT requests. If
polipo was configured to allow remote client connections and particular
host was allowed to connect to polipo server instance, a remote
attacker could use this flaw to cause denial of service (polipo daemon
abort due to assertion failure) via specially-crafted HTTP POST / PUT
request.

References:
[1] http://seclists.org/fulldisclosure/2011/Oct/10
[2] https://bugs.gentoo.org/show_bug.cgi?id=385307
[3] https://bugzilla.redhat.com/show_bug.cgi?id=742891

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]