CVE-2015-1778

Опубликовано: 27 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

Ссылки

http://www.openwall.com/lists/oss-security/2015/03/20/3
Mailing List
VDB Entry
http://www.securityfocus.com/bid/73255
Third Party Advisory
VDB Entry
https://cloudrouter.org/security/
Third Party Advisory
https://wiki.opendaylight.org/view/Security_Advisories
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/03/20/3
Mailing List
VDB Entry
http://www.securityfocus.com/bid/73255
Third Party Advisory
VDB Entry
https://cloudrouter.org/security/
Third Party Advisory
https://wiki.opendaylight.org/view/Security_Advisories
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendaylight:opendaylight:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03002

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-qm24-4869-99pj