exploitDog

CVE-2020-7219

Published: 28 Jan 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Mitigation

Enforce network connection limits on Consul server agents by using the following iptables rule:

    iptables -A INPUT -p tcp --syn --dport 8300 -m connlimit --connlimit-above 100 -j REJECT --reject-with tcp-reset

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-operator | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | | |
| Red Hat Fuse 7 | consul-client | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1805866 consul: HTTP/RPC Services Allow Unbounded Resource Usage

EPSS: 0.01439 (Low), percentile: 80%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

CVSS3: 7.5
nvd
more than 5 years ago

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

CVSS3: 7.5
debian
more than 5 years ago

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...

CVSS3: 7.5
github
about 4 years ago

Denial of Service (DoS) in HashiCorp Consul
