#VU72750 Inefficient Algorithmic Complexity in http-cache-semantics - CVE-2022-25881
Published: March 3, 2023
http-cache-semantics
kornelski
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a regular expression denial of service (ReDoS) that occurs when the server reads the cache policy from the request using this library. A remote unauthenticated attacker can send malicious request header values to the server and perform a denial of service attack.
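One way to keep attacker-controlled `Cache-Control` request values away from backtracking patterns is sketched below. It is an added example, not code from http-cache-semantics or from this advisory. The names `parseCacheControl`, `safeCacheControl` and the `MAX_HEADER_LEN` limit are assumptions, and it assumes directive values do not contain quoted commas.

```javascript
// Added example (not the library's code): read a Cache-Control request header
// in linear time and cap its length before any policy logic sees it.
// MAX_HEADER_LEN and both function names are assumptions made for this sketch.
const MAX_HEADER_LEN = 1024;

function parseCacheControl(header) {
  const directives = Object.create(null); // no prototype keys to collide with
  if (typeof header !== 'string' || header.length === 0) return directives;
  if (header.length > MAX_HEADER_LEN) {
    throw new RangeError('Cache-Control header too long');
  }
  // Split on the literal separator and trim each piece afterwards. A plain
  // string split and trim() are single-pass, so nothing here can backtrack.
  // Limitation (assumption): values with quoted commas are not supported.
  for (const part of header.split(',')) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (name === '') continue; // tolerate empty list elements such as ", ,"
    let value = true; // directive without an argument, e.g. no-cache
    if (eq !== -1) {
      value = part.slice(eq + 1).trim();
      if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
        value = value.slice(1, -1); // strip surrounding quotes
      }
    }
    directives[name] = value;
  }
  return directives;
}

// Guard for code paths that still hand the header to an unpatched parser:
// returns the header if it is an acceptable string, otherwise undefined so
// the request is treated as carrying no Cache-Control at all.
function safeCacheControl(headers) {
  const raw = headers['cache-control'];
  if (typeof raw !== 'string' || raw.length > MAX_HEADER_LEN) return undefined;
  return raw;
}
```

A length cap at the edge (reverse proxy or HTTP server header limits) gives the same protection to every parser behind it, including ones not yet updated.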