Bug 667478 (CVE-2010-1677) - CVE-2010-1677 mhonarc: remote DoS via certain tags
Summary: CVE-2010-1677 mhonarc: remote DoS via certain tags
Status: NEW
Alias: CVE-2010-1677
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 664730 667483 928096
TreeView+ depends on / blocked
Reported: 2011-01-05 18:21 UTC by Vincent Danen
Modified: 2019-09-29 12:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Vincent Danen 2011-01-05 18:21:55 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1677 to
the following vulnerability:

Name: CVE-2010-1677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1677
Assigned: 20100430
Reference: MLIST:[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting
Reference: URL: http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html
Reference: CONFIRM: http://savannah.nongnu.org/bugs/?32014
Reference: VUPEN:ADV-2010-3344
Reference: URL: http://www.vupen.com/english/advisories/2010/3344

MHonArc 2.6.16 allows remote attackers to cause a denial of service
(CPU consumption) via start tags that are placed within other start
tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a
different vulnerability than CVE-2010-4524.

Comment 2 Vincent Danen 2011-01-05 18:36:57 UTC
Created mhonarc tracking bugs for this issue

Affects: fedora-all [bug 664730]

Comment 3 Vincent Danen 2013-03-26 21:23:58 UTC
Created mhonarc tracking bugs for this issue

Affects: epel-all [bug 928096]

Comment 4 Vincent Danen 2013-03-26 21:24:19 UTC
Current Fedora has the fixed 2.6.18 version, but current EPEL still ships the vulnerable 2.6.16 version.

Note You need to log in before you can comment on or make changes to this bug.