Описание
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.2.0 (включая) до 1.6.6 (исключая)Версия от 1.2.0 (включая) до 1.6.6 (исключая)Версия от 1.7.0 (включая) до 1.7.4 (исключая)Версия от 1.7.0 (включая) до 1.7.4 (исключая)
Одно из
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 75%
0.00867
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
CVSS3: 7.5
debian
больше 5 лет назад
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...
CVSS3: 7.5
github
больше 4 лет назад
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
EPSS
Процентиль: 75%
0.00867
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770