CVE-2025-52494 (CNNVD-202509-253)
中文标题:
AdaCore Ada Web Server 安全漏洞
英文标题:
Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to...
漏洞描述
中文描述:
AdaCore Ada Web Server(AdaCore AWS)是AdaCore公司的一款便于处理 HTTP 请求和 JSON 的 Ada 库。用于简化与 API 的交互过程。 AdaCore Ada Web Server 25.2之前版本存在安全漏洞,该漏洞源于SSL握手处理不当,可能导致拒绝服务攻击。
英文描述:
Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing slot. However, there is no specific timeout set for this phase, and the server uses the default socket timeout, which is effectively infinite. An attacker can exploit this by sending a malformed TLS ClientHello message with incorrect length values. This causes the server to wait indefinitely for data that never arrives, blocking the worker thread (Line) handling the connection. By opening multiple such connections, up to the server's maximum limit, the attacker can exhaust all available working threads, preventing the server from handling new, legitimate requests.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| adacore | ada_web_server | * | - | - |
cpe:2.3:a:adacore:ada_web_server:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-52494 |
2025-11-11 15:23:27 | 2025-11-11 07:40:39 |
| NVD | nvd_CVE-2025-52494 |
2025-11-11 15:01:01 | 2025-11-11 07:48:27 |
| CNNVD | cnnvd_CNNVD-202509-253 |
2025-11-11 15:12:55 | 2025-11-11 08:00:11 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202509-253
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']