CVE-2019-3833

Published: 12 Mar 2019
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.

Report

Red Hat OpenStack Platform currently only utilizes the client and python client API bindings, not the server components of openwsman. Additionally, updates for this package are received through the Red Hat Enterprise Linux repository. Red Hat Enterprise Virtualization uses only the openwsman-python client API bindings, not the server components of openwsman. This issue affects the versions of openwsman as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | openwsman | Will not fix | | |
| Red Hat OpenStack Platform 8 (Liberty) Director | openwsman | Will not fix | | |
| Red Hat OpenStack Platform 9 (Mitaka) Director | openwsman | Will not fix | | |
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | | |
| Red Hat Enterprise Linux 7 | openwsman | Fixed | RHSA-2020:3940 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | openwsman | Fixed | RHSA-2020:4689 | 04.11.2020 |

Additional information

Status: Moderate
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1674478 openwsman: Infinite loop in process_connection() allows denial of service

EPSS

Percentile: 88%
0.04069
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 6 years ago

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.

CVSS3: 7.5
nvd
more than 6 years ago

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.

CVSS3: 7.5
msrc
9 months ago

No description available

CVSS3: 7.5
debian
more than 6 years ago

Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...

rocky
more than 4 years ago

Moderate: openwsman security update
