CVE-2009-0751


Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.

Published: 2009-03-02
Last update: 2026-06-16
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2009-0751 is rated High Exploit Risk (63.3/100): CVSS Medium severity, with high exploitation likelihood (EPSS 10.40%, 95th percentile). Core evidence: 1 public exploit reference is indexed (Exploit-DB). Mandatory action: a public exploit is available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2009-0751

EDB-ID Source Kind Published Link
8148 exploit_db edb 2009-03-03 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2009-0751

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 19.53% 10.40% -9.13%
2 2026-03-02 22.40% 19.53% -2.87%
3 2025-10-16 22.40%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-0751

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P 10.0 2.9 [email protected]

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2009-0751

OS Trackers for CVE-2009-0751

vendor priority summary link
debian not yet assigned CVE-2009-0751 not yet assigned priority: Debian, including 1 source package (yaws), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2009-0751
ubuntu low CVE-2009-0751 low priority: Ubuntu, including 1 source package (yaws), 11 status rows across 11 suites (dapper, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 6, ignored 4, needs-triage 1. https://ubuntu.com/security/CVE-2009-0751

Affected software / configurations for CVE-2009-0751

Vendor Product Version Raw CPE
yaws yaws <= 1.79 cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*
yaws yaws 1.50 cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*
yaws yaws 1.51 cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*
yaws yaws 1.52 cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*
yaws yaws 1.53 cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*
yaws yaws 1.54 cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*
yaws yaws 1.55 cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*
yaws yaws 1.56 cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*
yaws yaws 1.57 cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*
yaws yaws 1.58 cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*
yaws yaws 1.61 cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*
yaws yaws 1.62 cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*
yaws yaws 1.63 cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*
yaws yaws 1.64 cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*
yaws yaws 1.65 cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*
yaws yaws 1.66 cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*
yaws yaws 1.67 cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*
yaws yaws 1.68 cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*
yaws yaws 1.70 cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*
yaws yaws 1.71 cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*
yaws yaws 1.72 cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*
yaws yaws 1.73 cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*
yaws yaws 1.74 cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*
yaws yaws 1.75 cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*
yaws yaws 1.76 cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*
yaws yaws 1.77 cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*
yaws yaws 1.78 cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*

References for CVE-2009-0751

cvelogic Threat Intelligence