ID CVE-2019-3833
Summary Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.
References
Vulnerable Configurations
  • OpenWSMAN Project OpenWSMAN 2.6.9
    cpe:2.3:a:openwsman_project:openwsman:2.6.9
  • Fedora 28
    cpe:2.3:o:fedoraproject:fedora:28
  • Fedora 29
    cpe:2.3:o:fedoraproject:fedora:29
  • Fedora 30
    cpe:2.3:o:fedoraproject:fedora:30
  • openSUSE Leap 15.0
    cpe:2.3:o:opensuse:leap:15.0
  • openSUSE Leap 42.3
    cpe:2.3:o:opensuse:leap:42.3
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
refmap via4
bid 107367
confirm
fedora
  • FEDORA-2019-348166f7fd
  • FEDORA-2019-64b384de9b
  • FEDORA-2019-af0cd1b8f7
suse
  • openSUSE-SU-2019:1111
  • openSUSE-SU-2019:1217
Last major update 14-03-2019 - 18:29
Published 14-03-2019 - 18:29
Last modified 17-04-2019 - 14:08
Back to Top