Main Vulnerability Database SB2014082605

SB2014082605 - Input validation error in Monkey

Published: August 26, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014082605

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2014-5336)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.

Remediation

Install update from vendor's website.

References

http://monkey-project.com/Announcements/v1.5.3
http://seclists.org/oss-sec/2014/q3/397
http://seclists.org/oss-sec/2014/q3/412
http://secunia.com/advisories/60783
http://www.securityfocus.com/bid/69279
https://exchange.xforce.ibmcloud.com/vulnerabilities/95336
https://github.com/monkey/monkey/commit/b2d0e6f92310bb14a15aa2f8e96e1fb5379776dd