All the vulnerabilites related to Kazuho Oku - H2O
jvndb-2016-000003
Vulnerability from jvndb
Published
2016-01-15 13:57
Modified
2016-01-27 17:33
Severity ?
Summary
H2O vulnerable to HTTP header injection
Details
H2O is an open source web server software. H2O contains an HTTP header injection vulnerability.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN45928828/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1133 | |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1133 | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000003.html",
"dc:date": "2016-01-27T17:33+09:00",
"dcterms:issued": "2016-01-15T13:57+09:00",
"dcterms:modified": "2016-01-27T17:33+09:00",
"description": "H2O is an open source web server software. H2O contains an HTTP header injection vulnerability.\r\n\r\nKazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000003.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45928828/index.html",
"@id": "JVN#45928828",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1133",
"@id": "CVE-2016-1133",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1133",
"@id": "CVE-2016-1133",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "H2O vulnerable to HTTP header injection"
}
jvndb-2016-000091
Vulnerability from jvndb
Published
2016-05-27 13:46
Modified
2016-06-23 17:23
Severity ?
Summary
H2O use-after-free vulnerability
Details
H2O is an open source web server software. H2O contains a use-after-free vulnerability.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN87859762/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4817 | |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4817 | |
| Resource Management Errors(CWE-399) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000091.html",
"dc:date": "2016-06-23T17:23+09:00",
"dcterms:issued": "2016-05-27T13:46+09:00",
"dcterms:modified": "2016-06-23T17:23+09:00",
"description": "H2O is an open source web server software. H2O contains a use-after-free vulnerability.\r\n\r\nKazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000091.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000091",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87859762/index.html",
"@id": "JVN#87859762",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4817",
"@id": "CVE-2016-4817",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4817",
"@id": "CVE-2016-4817",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-399",
"@title": "Resource Management Errors(CWE-399)"
}
],
"title": "H2O use-after-free vulnerability"
}
jvndb-2016-000248
Vulnerability from jvndb
Published
2016-12-22 14:26
Modified
2017-11-27 16:53
Severity ?
Summary
H2O use-after-free vulnerability
Details
H2O is an open source web server software. H2O contains a use-after-free vulnerability (CWE-416) due to a flaw in the process of upgrading from HTTP/1 to HTTP/2.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN44566208/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7835 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-7835 | |
| Resource Management Errors(CWE-399) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000248.html",
"dc:date": "2017-11-27T16:53+09:00",
"dcterms:issued": "2016-12-22T14:26+09:00",
"dcterms:modified": "2017-11-27T16:53+09:00",
"description": "H2O is an open source web server software. H2O contains a use-after-free vulnerability (CWE-416) due to a flaw in the process of upgrading from HTTP/1 to HTTP/2.\r\n\r\nKazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000248.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"@version": "2.0"
},
{
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000248",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN44566208/index.html",
"@id": "JVN#44566208",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7835",
"@id": "CVE-2016-7835",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7835",
"@id": "CVE-2016-7835",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-399",
"@title": "Resource Management Errors(CWE-399)"
}
],
"title": "H2O use-after-free vulnerability"
}
jvndb-2017-000249
Vulnerability from jvndb
Published
2017-12-18 15:17
Modified
2018-04-04 13:49
Severity ?
Summary
Multiple vulnerabilities in H2O
Details
H2O is an open source web server software. H2O contains multiple vulnerabilities listed below.
* A Denial-of-service (DoS) due to a flaw in processing HTTP/1 header (CWE-20) - CVE-2017-10868
* Stack-based buffer overflow (CWE-121) - CVE-2017-10869
* A Denial-of-service (DoS) due to a flaw in outputting of the access log (CWE-118) - CVE-2017-10872
* A Denial-of-service (DoS) due to a flaw in processing HTTP/2 header (CWE-20) - CVE-2017-10908
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000249.html",
"dc:date": "2018-04-04T13:49+09:00",
"dcterms:issued": "2017-12-18T15:17+09:00",
"dcterms:modified": "2018-04-04T13:49+09:00",
"description": "H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. \r\n\r\n* A Denial-of-service (DoS) due to a flaw in processing HTTP/1 header (CWE-20) - CVE-2017-10868\r\n* Stack-based buffer overflow (CWE-121) - CVE-2017-10869\r\n* A Denial-of-service (DoS) due to a flaw in outputting of the access log (CWE-118) - CVE-2017-10872\r\n* A Denial-of-service (DoS) due to a flaw in processing HTTP/2 header (CWE-20) - CVE-2017-10908\r\n\r\nKazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000249.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000249",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84182676/index.html",
"@id": "JVN#84182676",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868",
"@id": "CVE-2017-10868",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869",
"@id": "CVE-2017-10869",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872",
"@id": "CVE-2017-10872",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908",
"@id": "CVE-2017-10908",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10868",
"@id": "CVE-2017-10868",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10869",
"@id": "CVE-2017-10869",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10872",
"@id": "CVE-2017-10872",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10908",
"@id": "CVE-2017-10908",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Multiple vulnerabilities in H2O"
}
jvndb-2018-000061
Vulnerability from jvndb
Published
2018-06-04 14:10
Modified
2018-06-04 14:10
Severity ?
Summary
H2O vulnerable to buffer overflow
Details
H2O is open source web server software. H2O contains a buffer overflow vulnerability (CWE-119) due to a processing flaw in the output of Access Log.
Marlies Ruck of ForAllSecure reported this vulnerability to Kazuho Oku, and Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000061.html",
"dc:date": "2018-06-04T14:10+09:00",
"dcterms:issued": "2018-06-04T14:10+09:00",
"dcterms:modified": "2018-06-04T14:10+09:00",
"description": "H2O is open source web server software. H2O contains a buffer overflow vulnerability (CWE-119) due to a processing flaw in the output of Access Log.\r\n\r\nMarlies Ruck of ForAllSecure reported this vulnerability to Kazuho Oku, and Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000061.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000061",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN93226941/index.html",
"@id": "JVN#93226941",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0608",
"@id": "CVE-2018-0608",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0608",
"@id": "CVE-2018-0608",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "H2O vulnerable to buffer overflow"
}
jvndb-2015-000136
Vulnerability from jvndb
Published
2015-09-17 13:36
Modified
2015-10-05 17:32
Summary
H2O vulnerable to directory traversal
Details
H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal (CWE-22) vulnerability.
Yusuke OSUMI reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000136.html",
"dc:date": "2015-10-05T17:32+09:00",
"dcterms:issued": "2015-09-17T13:36+09:00",
"dcterms:modified": "2015-10-05T17:32+09:00",
"description": "H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal (CWE-22) vulnerability.\r\n\r\nYusuke OSUMI reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000136.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000136",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65602714/index.html",
"@id": "JVN#65602714",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5638",
"@id": "CVE-2015-5638",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5638",
"@id": "CVE-2015-5638",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "H2O vulnerable to directory traversal"
}
jvndb-2016-000159
Vulnerability from jvndb
Published
2016-09-15 14:26
Modified
2017-11-27 17:23
Severity ?
Summary
H2O use of externally-controlled format string
Details
H2O is an open source web server software. H2O uses externally-controlled format strings (CWE-134) in the code which output error logs.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN94779084/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4864 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4864 | |
| Uncontrolled Format String(CWE-134) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kazuho Oku | H2O |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000159.html",
"dc:date": "2017-11-27T17:23+09:00",
"dcterms:issued": "2016-09-15T14:26+09:00",
"dcterms:modified": "2017-11-27T17:23+09:00",
"description": "H2O is an open source web server software. H2O uses externally-controlled format strings (CWE-134) in the code which output error logs.\r\n\r\nKazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000159.html",
"sec:cpe": {
"#text": "cpe:/a:h2o_project:h2o",
"@product": "H2O",
"@vendor": "Kazuho Oku",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "3.7",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000159",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN94779084/index.html",
"@id": "JVN#94779084",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4864",
"@id": "CVE-2016-4864",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4864",
"@id": "CVE-2016-4864",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-134",
"@title": "Uncontrolled Format String(CWE-134)"
}
],
"title": "H2O use of externally-controlled format string"
}
cve-2017-10872
Vulnerability from cvelistv5
Published
2017-12-22 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/h2o/h2o/issues/1543 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN84182676/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.2.3 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1543"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.2.3 and earlier"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1543"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.2.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/h2o/h2o/issues/1543",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1543"
},
{
"name": "JVN#84182676",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10872",
"datePublished": "2017-12-22T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7835
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95061 | vdb-entry, x_refsource_BID | |
| https://github.com/h2o/h2o/issues/1144 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN44566208/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.0.4 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1144"
},
{
"name": "JVN#44566208",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN44566208/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.0.4 and earlier"
}
]
}
],
"datePublic": "2016-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "95061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1144"
},
{
"name": "JVN#44566208",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN44566208/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.0.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95061"
},
{
"name": "https://github.com/h2o/h2o/issues/1144",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1144"
},
{
"name": "JVN#44566208",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN44566208/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7835",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4864
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/h2o/h2o/issues/1077 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN94779084/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: versions 2.0.3 and earlier Version: versions 2.1.0-beta2 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1077"
},
{
"name": "JVN#94779084",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN94779084/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "versions 2.0.3 and earlier"
},
{
"status": "affected",
"version": "versions 2.1.0-beta2 and earlier"
}
]
}
],
"datePublic": "2016-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Format String Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-12T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1077"
},
{
"name": "JVN#94779084",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN94779084/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "versions 2.0.3 and earlier"
},
{
"version_value": "versions 2.1.0-beta2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Format String Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/h2o/h2o/issues/1077",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1077"
},
{
"name": "JVN#94779084",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN94779084/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4864",
"datePublished": "2017-05-12T18:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:38.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10868
Vulnerability from cvelistv5
Published
2017-12-22 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/h2o/h2o/issues/1459 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN84182676/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.2.2 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1459"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.2.2 and earlier"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1459"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/h2o/h2o/issues/1459",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1459"
},
{
"name": "JVN#84182676",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10868",
"datePublished": "2017-12-22T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10869
Vulnerability from cvelistv5
Published
2017-12-22 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/h2o/h2o/issues/1460 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN84182676/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.2.2 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1460"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.2.2 and earlier"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1460"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/h2o/h2o/issues/1460",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1460"
},
{
"name": "JVN#84182676",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10869",
"datePublished": "2017-12-22T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0608
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN93226941/index.html | third-party-advisory, x_refsource_JVN | |
| https://github.com/h2o/h2o/issues/1775 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.2.4 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#93226941",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN93226941/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.2.4 and earlier"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#93226941",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN93226941/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/h2o/h2o/issues/1775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.2.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#93226941",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN93226941/index.html"
},
{
"name": "https://github.com/h2o/h2o/issues/1775",
"refsource": "MISC",
"url": "https://github.com/h2o/h2o/issues/1775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0608",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10908
Vulnerability from cvelistv5
Published
2017-12-22 14:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/h2o/h2o/issues/1544 | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN84182676/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kazuho Oku | H2O |
Version: version 2.2.3 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/h2o/h2o/issues/1544"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "version 2.2.3 and earlier"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/h2o/h2o/issues/1544"
},
{
"name": "JVN#84182676",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "H2O",
"version": {
"version_data": [
{
"version_value": "version 2.2.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Kazuho Oku"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/h2o/h2o/issues/1544",
"refsource": "CONFIRM",
"url": "https://github.com/h2o/h2o/issues/1544"
},
{
"name": "JVN#84182676",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84182676/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10908",
"datePublished": "2017-12-22T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}