How severe is CVE-2018-3909?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2018-3909?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2018-3909 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2018-21245

CRITICAL

CVSS:9.1(Critical)

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CWE-4442018

CVE-2018-3907

CRITICAL

CVSS:9.1(Critical)

CWE-4442018

CVE-2018-3908

CRITICAL

CVSS:9.1(Critical)

CWE-4442018

CVE-2019-20444

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid...

CWE-4442019

CVE-2019-20445

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CWE-4442019

CVE-2021-46825

CRITICAL

CVSS:9.1(Critical)

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the ...

CWE-4442021