6.5

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.69% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://access.redhat.com/errata/RHSA-2017:3454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0244.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0245.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0246.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0247.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0250.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0170.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0171.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0172.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0173.html
Third Party Advisory
http://www.securityfocus.com/bid/95698
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037660
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8627
Third Party Advisory
Issue Tracking