Summary
This host is installed with HTML-Parser and is prone to Denial of Service Vulnerability.
Impact
Successful exploitation could result in Denial of Serivce condition.
Impact Level: Application.
Solution
Upgrade to HTML-Parser version 3.63 or later
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz (or)
Apply the patch,
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
*****
NOTE: Please ignore this warning if the patch is already applied.
*****
Insight
The flaw is due to an error within the 'decode_entities()' function in 'utils.c', which can be exploited to cause an infinite loop by tricking an application into processing a specially crafted string using this library.
Affected
HTML-Parser versions prior to 3.63 on Linux.
References
Severity
Classification
-
CVE CVE-2009-3627 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
- Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
- Apache Connection Blocking Denial of Service
- Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
- Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities