PT-2022-7794 · Unknown · Simplepush Server

Published: 2022-07-01 · Updated: 2022-07-13 · CVE-2014-3648

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

simplepush server (affected versions not specified)

Description

The issue allows an attacker to generate endless exceptions or slow down the server by registering bogus applications with bad deviceTokens. This can turn the server into a DDoS vector or an anonymizer for posting malware. The server iterates through application installations and pushes notifications to the user-controlled servers specified in each deviceToken. An attacker can supply any HTTP endpoint as a deviceToken, so the server may waste time on slow endpoints or generate exceptions when those endpoints cannot be reached.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2014-3648

Affected Products

Simplepush Server