CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.

Published : 2017-05-12 18:29 Updated : 2019-02-26 16:03

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Dena H2o 2.1.0 cpe:/a:dena:h2o:2.1.0
Dena H2o 2.1.0 cpe:/a:dena:h2o:2.1.0:beta1
  1. Dena (1) Search CVE
    1. H2o (1) Search CVE
      1. 2.1.0

CWE

ID Name Description Links
CWE-134 Use of Externally-Controlled Format String The software uses a function that accepts a format string as an argument, but the format string originates from an external source. CVE

History of changes

Date Event
2019-02-26 16:03
2017-05-12 18:29

New CVE