Lucene search

[email protected]CVE-2019-3833

HistoryMar 14, 2019 - 10:29 p.m.

CVE-2019-3833

2019-03-1422:29:00

CWE-835

[email protected]

web.nvd.nist.gov

235

cve-2019-3833

openwsman

infinite loop

denial of service

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.5%

JSON

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

VendorProductVersionCPE
openwsman_projectopenwsman*cpe:2.3:a:openwsman_project:openwsman:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openwsman_project	openwsman	*	cpe:2.3:a:openwsman_project:openwsman::::::::

References

bugzilla.suse.com/show_bug.cgi?id=1122623

lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html

www.securityfocus.com/bid/107367

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2019-3833

nessus22 redhat2 almalinux1 oraclelinux2 redhatcve1 osv3 cbl_mariner2 amazon1 centos1 veracode1 prion1 openvas5 rocky1 ubuntucve1 fedora3 suse2