The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| c-icap_project | c-icap | 0.2.3 |
| c-icap_project | c-icap | 0.2.4 |
| c-icap_project | c-icap | 0.2.2 |
| c-icap_project | c-icap | 0.2.6 |
| c-icap_project | c-icap | 0.2.5 |
| c-icap_project | c-icap | 0.2.1 |
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| c-icap_project | c-icap | 0.2.3 |
| c-icap_project | c-icap | 0.2.4 |
| c-icap_project | c-icap | 0.2.2 |
| c-icap_project | c-icap | 0.2.6 |
| c-icap_project | c-icap | 0.2.5 |
| c-icap_project | c-icap | 0.2.1 |