Описание
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7944
- https://www.exploit-db.com/exploits/39169
- http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
- http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
- http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
- http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
- http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
- http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
- http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
- http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
- http://www.debian.org/security/2016/dsa-3431
- http://www.ocert.org/advisories/ocert-2015-012.html
Связанные уязвимости
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...