Lucene search
K

61 matches found

OSV
OSV
added 2018/09/21 1:29 p.m.14 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2018/09/21 1:29 p.m.18 views

Authentication flaw

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

4.3CVSS6.6AI score0.03056EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/09/21 1:0 p.m.35 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

6.6AI score0.03056EPSS
Exploits0References2
CVE
CVE
added 2018/09/21 1:0 p.m.95 views

CVE-2018-8023

The provided records confirm CVE-2018-8023 affects Apache Mesos: pre-1.4.2, 1.5.0, 1.5.1, and 1.6.0 have a timing-attack flaw in JWT HMAC verification due to using a non-constant-time string comparison. This may enable an attacker to deduce the correct HMAC value during JWT validation. Several co...

5.9CVSS5.6AI score0.03056EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/09/16 12:0 a.m.3 views

Apache Mesos libprocess Denial of Service Vulnerability

Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architectures of open source cluster management software. libprocess is one of the underlying network communication libraries . A security vulnerabilit...

7.5CVSS7.5AI score0.03674EPSS
Exploits0References1
NVD
NVD
added 2018/09/13 7:29 p.m.30 views

CVE-2018-1330

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

7.5CVSS8.3AI score0.03674EPSS
Exploits0References1
Prion
Prion
added 2018/09/13 7:29 p.m.18 views

Code injection

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

5CVSS8.1AI score0.03674EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/09/13 7:29 p.m.28 views

CVE-2018-1330

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

7.5CVSS6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2018/09/13 7:0 p.m.36 views

CVE-2018-1330

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...

8.3AI score0.03674EPSS
Exploits0References1
OSV
OSV
added 2017/09/29 1:34 a.m.16 views

CVE-2017-9790

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

7.5CVSS6.8AI score0.02446EPSS
Exploits0References2
NVD
NVD
added 2017/09/29 1:34 a.m.15 views

CVE-2017-9790

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

7.5CVSS7.4AI score0.02446EPSS
Exploits0References2
OSV
OSV
added 2017/09/29 1:34 a.m.26 views

CVE-2017-7687

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of...

7.5CVSS7AI score0.02448EPSS
Exploits0References2
NVD
NVD
added 2017/09/29 1:34 a.m.25 views

CVE-2017-7687

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of...

7.5CVSS7.5AI score0.02448EPSS
Exploits0References2
Prion
Prion
added 2017/09/29 1:34 a.m.15 views

Cross site request forgery (csrf)

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

5CVSS7AI score0.02446EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/09/29 1:34 a.m.22 views

Path traversal

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of...

5CVSS7.5AI score0.02448EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/28 8:0 p.m.17 views

CVE-2017-9790

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

7.5AI score0.02446EPSS
Exploits0References2
CVE
CVE
added 2017/09/28 8:0 p.m.77 views

CVE-2017-9790

CVE-2017-9790 affects Apache Mesos’ libprocess: when handling a libprocess message wrapped in an HTTP request, the parser assumes the request path always starts with '/' and crashes if the path is empty. This can cause a denial of service on Mesos masters, rendering the Mesos-controlled cluster i...

7.5CVSS7.4AI score0.02446EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/09/28 8:0 p.m.78 views

CVE-2017-7687

The CVE-2017-7687 entry affects Apache Mesos where libprocess may crash while handling a decoding failure for a malformed URL path in an HTTP request. Affected are Mesos releases using libprocess prior to 1.1.3, 1.2.x prior to 1.2.2, 1.3.x prior to 1.3.1, and 1.4.0-dev. The root cause is that the...

7.5CVSS7.5AI score0.02448EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/28 8:0 p.m.27 views

CVE-2017-7687

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of...

7.6AI score0.02448EPSS
Exploits0References2
CNVD
CNVD
added 2017/09/28 12:0 a.m.5 views

Apache Mesos Denial of Service Vulnerability (CNVD-2017-33268)

Apache Mesos is open source cluster management software , support for Hadoop, ElasticSearch, Spark, Storm and Kafka application architecture. Apache Mesos has a security vulnerability that allows remote attackers to exploit requests submitted through the vulnerability and crash applications...

7.5CVSS7.8AI score0.02446EPSS
Exploits0References1
Rows per page
Query Builder