Denial Of Service (DoS) Via CPU Consumption

2019-01-1509:01:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Red Hat Storage is vulnerable to a denial of service attack. The attack is due to the flaw in the way Python’s SSL module implementation performed matching of certain certificate names, allowing the attacker to input a valid certificate containing multiple wildcard characters resulting in excessive consumption of CPU in validation stage.

CPENameOperatorVersion
redhat-storage-servereq2.1.0.3__1.el6rhs
redhat-storage-servereq2.1.2.0__3.el6rhs
redhat-storage-servereq2.1.1.0__6.el6rhs
python-backports-ssl_match_hostnameeq3.2__0.2.a3.el6ost
python-backports-ssl_match_hostnameeq3.2__0.2.1.a3.el6
glusterfseq3.3.0.14rhs__1.el6rhs
glusterfseq3.2.5__2.el6
glusterfseq3.4.0.44rhs__1.el6rhs
glusterfseq3.3.0.2rhs__30.el6rhs
glusterfseq3.3.0.11rhs__1.el6rhs

Name	Operator	Version
redhat-storage-server	eq	2.1.0.3__1.el6rhs
redhat-storage-server	eq	2.1.2.0__3.el6rhs
redhat-storage-server	eq	2.1.1.0__6.el6rhs
python-backports-ssl_match_hostname	eq	3.2__0.2.a3.el6ost
python-backports-ssl_match_hostname	eq	3.2__0.2.1.a3.el6
glusterfs	eq	3.3.0.14rhs__1.el6rhs
glusterfs	eq	3.2.5__2.el6
glusterfs	eq	3.4.0.44rhs__1.el6rhs
glusterfs	eq	3.3.0.2rhs__30.el6rhs
glusterfs	eq	3.3.0.11rhs__1.el6rhs