7.5

CVE-2015-7944

EPSS 18.96%
Veröffentlicht 18.08.2017 17:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Spi-inc ≫ Ganeti Version <= 2.9.6

Spi-inc ≫ Ganeti Version2.10.0

Spi-inc ≫ Ganeti Version2.10.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.10.0 Updaterc1

Spi-inc ≫ Ganeti Version2.10.0 Updaterc2

Spi-inc ≫ Ganeti Version2.10.0 Updaterc3

Spi-inc ≫ Ganeti Version2.10.1

Spi-inc ≫ Ganeti Version2.10.2

Spi-inc ≫ Ganeti Version2.10.3

Spi-inc ≫ Ganeti Version2.10.4

Spi-inc ≫ Ganeti Version2.10.5

Spi-inc ≫ Ganeti Version2.10.6

Spi-inc ≫ Ganeti Version2.10.7

Spi-inc ≫ Ganeti Version2.11.0

Spi-inc ≫ Ganeti Version2.11.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.11.0 Updaterc1

Spi-inc ≫ Ganeti Version2.11.1

Spi-inc ≫ Ganeti Version2.11.2

Spi-inc ≫ Ganeti Version2.11.3

Spi-inc ≫ Ganeti Version2.11.4

Spi-inc ≫ Ganeti Version2.11.5

Spi-inc ≫ Ganeti Version2.11.6

Spi-inc ≫ Ganeti Version2.11.7

Spi-inc ≫ Ganeti Version2.12.0

Spi-inc ≫ Ganeti Version2.12.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.12.0 Updaterc1

Spi-inc ≫ Ganeti Version2.12.0 Updaterc2

Spi-inc ≫ Ganeti Version2.12.1

Spi-inc ≫ Ganeti Version2.12.2

Spi-inc ≫ Ganeti Version2.12.3

Spi-inc ≫ Ganeti Version2.12.4

Spi-inc ≫ Ganeti Version2.12.5

Spi-inc ≫ Ganeti Version2.13.0

Spi-inc ≫ Ganeti Version2.13.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.13.0 Updaterc1

Spi-inc ≫ Ganeti Version2.13.1

Spi-inc ≫ Ganeti Version2.13.2

Spi-inc ≫ Ganeti Version2.14.0

Spi-inc ≫ Ganeti Version2.14.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.14.0 Updatebeta2

Spi-inc ≫ Ganeti Version2.14.0 Updaterc1

Spi-inc ≫ Ganeti Version2.14.0 Updaterc2

Spi-inc ≫ Ganeti Version2.14.1

Spi-inc ≫ Ganeti Version2.15.0

Spi-inc ≫ Ganeti Version2.15.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.15.0 Updaterc1

Spi-inc ≫ Ganeti Version2.15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.96%	0.948

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7

Vendor Advisory

Release Notes

http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html

Patch

Third Party Advisory

VDB Entry

http://www.debian.org/security/2016/dsa-3431

http://www.ocert.org/advisories/ocert-2015-012.html

Patch

Third Party Advisory

VDB Entry

https://www.exploit-db.com/exploits/39169/

https://nvd.nist.gov/vuln/detail/CVE-2015-7944

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7944

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7944

EUVD