PT-2019-1633 · Openwsman+5
Adam Mariš · Published 2019-03-12 · Updated 2023-02-12
CVE-2019-3833
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Openwsman versions up to and including 2.6.9
Description
The issue is related to an infinite loop in the process_connection() function when parsing specially crafted HTTP requests, such as /api/v1/login. A remote, unauthenticated attacker can exploit this by sending a malicious HTTP request to cause a denial of service to the openwsman server. The vulnerability is also associated with resource management errors.
Recommendations
For Openwsman versions up to and including 2.6.9, consider disabling the process_connection() function as a temporary workaround until a patch is available. Restrict access to the openwsman server to minimize the risk of exploitation. Avoid using the openwsman server until the issue is resolved.
Fix
DoS
Infinite Loop
Related identifiers
Affected products
Almalinux
Centos
Openwsman
Red Hat
Rocky Linux
Suse