Description
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
An unbounded resource consumption vulnerability was found in the API of Consul. A remote attacker with a connection to the Consul server agents could abuse this flaw to cause a denial of service (DoS) by repeatedly sending TLS connect attempts over HTTP or RPC, possibly causing an application crash.
Mitigation
Enforce network connection limits on Consul server agents with the following iptables rule, which rejects new TCP connections to port 8300 from a source address once that address already holds more than 100 connections: `iptables -A INPUT -p tcp --syn --dport 8300 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset`
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-operator | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | | |
| Red Hat Fuse 7 | consul-client | Not affected | | |
Additional information
Status:
CVSS3: 7.5 High