CVE-2016-7797

Опубликовано: 22 фев. 2016

Источник: redhat

CVSS3: 8.6

CVSS2: 7.1

Описание

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	pacemaker	Not affected
Red Hat Enterprise Linux 7	pacemaker	Fixed	RHSA-2016:2578	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1379784pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack

8.6 High

CVSS3

7.1 High

CVSS2

Связанные уязвимости

CVE-2016-7797

CVSS3: 7.5

ubuntu

почти 9 лет назад

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

CVE-2016-7797

CVSS3: 7.5

nvd

почти 9 лет назад

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

CVE-2016-7797

CVSS3: 7.5

debian

почти 9 лет назад

Pacemaker before 1.1.15, when using pacemaker remote, might allow remo ...

GHSA-gp6f-9wm3-5hr4

CVSS3: 7.5

github

больше 3 лет назад

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

openSUSE-SU-2016:3101-1

suse-cvrf

около 9 лет назад

Security update for pacemaker

8.6 High

CVSS3

7.1 High

CVSS2