Lucene search

Veracode Vulnerability DatabaseVERACODE:36986

HistorySep 09, 2022 - 2:16 a.m.

Denial Of Service (DoS)

2022-09-0902:16:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.7%

JSON

sdk-server is vulnerable to denial of service. The vulnerability exists because the maximum number of monitored items per session does not properly configure in the getMaxMonitoredItems function of OpcUaServerConfigLimits.java, allowing an attacker to cause an application crash by sending multiple CloseSession requests with the delete subscription parameter equal to false

CPENameOperatorVersion
sdk-serverle0.6.7
sdk-serverle0.6.7

CPE	Name	Operator	Version
	sdk-server	le	0.6.7
	sdk-server	le	0.6.7

References

github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5

github.com/eclipse/milo/issues/1030

github.com/eclipse/milo/pull/1031

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.7%

JSON

Related for VERACODE:36986