PT-2014-7852 · Forgerock · Openam
Published
2014-11-14
·
Updated
2015-02-10
·
CVE-2014-7246
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
OpenAM versions 9.5.3 through 9.5.5
OpenAM versions 10.0.0 through 10.0.2
OpenAM version 10.1.0-Xpress
OpenAM versions 11.0.0 through 11.0.2
Description
The issue allows remote authenticated users to cause a denial of service, resulting in an infinite loop, by sending a crafted cookie in a request when the Core Server is deployed on a multi-server network.
Recommendations
For OpenAM versions 9.5.3 through 9.5.5, update to a version outside of this range to resolve the issue.
For OpenAM versions 10.0.0 through 10.0.2, update to a version outside of this range to resolve the issue.
For OpenAM version 10.1.0-Xpress, update to a version outside of this range to resolve the issue.
For OpenAM versions 11.0.0 through 11.0.2, update to a version outside of this range to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openam