Описание
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-3804
- https://github.com/cockpit-project/cockpit/pull/10819
- https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
- https://access.redhat.com/errata/RHSA-2019:1569
- https://access.redhat.com/errata/RHSA-2019:1571
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804
Связанные уязвимости
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
It was found that cockpit before version 184 used glib's base64 decode ...
