Lucene search

K

Veracode Vulnerability DatabaseVERACODE:5880

HistoryMar 05, 2018 - 3:31 a.m.

Potentially Insecure Configuration

2018-03-0503:31:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.003

Percentile

68.6%

Mosquitto is vulnerable to potentially insecure configuration issues. The vulnerability is caused by a SIGHUP signal when no additional file descriptors can be allocated by the broker when opening the configuration file. This causes the default configuration values to be reloaded, which can potentially strip off the intended security options.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=530102

github.com/eclipse/mosquitto/commit/b76982db13a874895a6afd1e99c2d6203eee909c

lists.debian.org/debian-lts-announce/2018/03/msg00037.html

lists.debian.org/debian-lts-announce/2018/06/msg00016.html

mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/

www.debian.org/security/2018/dsa-4325

EPSS

0.003

Percentile

68.6%

Related for VERACODE:5880

nvd1 debiancve1 prion1 cvelist1 alpinelinux1 ubuntucve1 cve1 osv5 openvas6 debian4 nessus6 fedora4