JVN#65559247: OpenAM vulnerable to denial-of-service (DoS)

2014-11-10 00:00:00
Japan Vulnerability Notes
jvn.jp
CVSS2: 3.5 Low

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS: 0.022 Low (Percentile: 89.6%)

OpenAM, provided by ForgeRock, is open source access management software. OpenAM contains a denial-of-service (DoS) vulnerability due to a flaw in processing cookies (CWE-400).

Impact

When an OpenAM system is running a “site” configuration with multiple instances, an authenticated attacker may be able to cause a denial-of-service (DoS).

Solution

Apply a Patch
Apply the appropriate patch according to the information provided by the developer.

Products Affected

  • OpenAM 9.5.3-9.5.5, 10.0.0-10.0.2, 10.1.0-Xpress, 11.0.0-11.0.2
