CVE-2015-7944

Опубликовано: 18 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Ссылки

http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
Patch
Third Party Advisory
VDB Entry
http://www.debian.org/security/2016/dsa-3431
http://www.ocert.org/advisories/ocert-2015-012.html
Patch
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39169/
http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
Release Notes
Vendor Advisory
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
Patch
Third Party Advisory
VDB Entry
http://www.debian.org/security/2016/dsa-3431

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:spi-inc:ganeti:*:*:*:*:*:*:*:*

Версия до 2.9.6 (включая)

cpe:2.3:a:spi-inc:ganeti:2.10.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.0:rc2:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.0:rc3:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.1:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.2:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.3:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.4:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.5:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.6:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.10.7:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.1:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.2:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.3:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.4:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.5:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.6:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.11.7:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.0:rc2:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.1:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.2:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.3:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.4:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.12.5:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.13.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.13.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.13.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.13.1:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.13.2:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.0:beta2:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.0:rc2:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.14.1:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.15.0:*:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.15.0:beta1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.15.0:rc1:*:*:*:*:*:*

cpe:2.3:a:spi-inc:ganeti:2.15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18955

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

CVE-2015-7944

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2015-7944

CVSS3: 7.5

debian

больше 8 лет назад

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...

GHSA-g6j6-f58r-vgxm

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 95%

0.18955

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399