Shellinabox
by Shellinabox
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8400 | Hig | 0.48 | 7.4 | 0.01 | Jan 12, 2016 | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | ||
| CVE-2018-16789 | 0.00 | — | 0.01 | Mar 17, 2019 | libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and… |
- risk 0.48cvss 7.4epss 0.01
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
- CVE-2018-16789Mar 17, 2019risk 0.00cvss —epss 0.01
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and…