ID de Prueba:	1.3.6.1.4.1.25623.1.0.801039
Categoría:	Denial of Service
Título:	HTML-Parser 'decode_entities()' Denial of Service Vulnerability
Resumen:	HTML-Parser is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: HTML-Parser is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error within the 'decode_entities()' function in 'utils.c', which can be exploited to cause an infinite loop by tricking an application into processing a specially crafted string using this library. Vulnerability Impact: Successful exploitation could result in Denial of service condition. Affected Software/OS: HTML-Parser versions prior to 3.63 on Linux. Solution: Upgrade to HTML-Parser version 3.63 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3627 36807 http://www.securityfocus.com/bid/36807 37155 http://secunia.com/advisories/37155 ADV-2009-3022 http://www.vupen.com/english/advisories/2009/3022 [oss-security] 20091023 CVE-2009-3627 assignment notification - HTML-Parser-3.63 http://www.openwall.com/lists/oss-security/2009/10/23/9 htmlparser-decodeentities-dos(53941) https://exchange.xforce.ibmcloud.com/vulnerabilities/53941 http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c https://bugzilla.redhat.com/show_bug.cgi?id=530604 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.