PT-2018-4405 · Atlassian · Floodlight Controller

Xuraylei

Published

2018-02-21

Updated

2018-03-19

CVE-2015-6569

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Atlassian Floodlight Controller versions prior to 1.2

Description A race condition in the LoadBalancer module allows remote attackers to cause a denial of service via a state manipulation attack, resulting in a NULL pointer dereference and thread crash.

Recommendations For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the LoadBalancer module to minimize the risk of exploitation.

Fix

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-476

Related Identifiers

CVE-2015-6569

Affected Products

Floodlight Controller

PT-2018-4405 · Atlassian · Floodlight Controller

CVE-2015-6569

Weakness Enumeration

Related Identifiers

Affected Products

References · 4