Vulnerability Information
Vulnerability Title
Denial of Service in uap-core when processing crafted User-Agent strings
Vulnerability Description
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
Improper Input Validation
Vulnerability Title
uap-core Input Validation Error Vulnerability
Vulnerability Description
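Versions of uap-core before 0.7.3 contain an input validation error vulnerability, which stems from the program not properly validating User-Agent strings. Remote attackers can exploit this vulnerability to cause a denial of service via requests with a specially crafted HTTP User-Agent header.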
CVSS Information
N/A
Vulnerability Type
N/A