- Description
- The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-908
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
RubySec ➜ CVE-2025-26803 (passenger): Phusion Passenger denial of service https://t.co/kDgyvDhg29
@rubylandnews
25 Feb 2025
116 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26803 Denial of Service in Phusion Passenger 6.0.21-6.0.25 via Invalid HTTP Method Parsing https://t.co/hWbs8cocIM
@VulmonFeeds
25 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26803 The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method. https://t.co/AjmjClpjY1
@CVEnew
24 Feb 2025
371 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1F79731-545B-4878-AA72-B685EADA801E",
"versionEndExcluding": "6.0.26",
"versionStartIncluding": "6.0.21"
}
],
"operator": "OR"
}
]
}
]