Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2019-3833

Related Vulnerabilities: CVE-2019-3833  

Impact: Moderate Public Date: 2019-03-12 CWE: CWE-835 Bugzilla: 1674478: CVE-2019-3833 openwsman: Infinite loop in process_connection() allows denial of service Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Source
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Find out more about CVE-2019-3833 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat OpenStack Platform currently only utilizes the client and python client API bindings, not the server components of openwsman. Additionally, updates for this package are received through the Red Hat Enterprise Linux repository.

Red Hat Enterprise Virtualization uses only the openwsman-python client API bindings, not the server components of openwsman.

This issue affects the versions of openwsman as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Virtualization 4 redhat-virtualization-host Not affected
Red Hat Enterprise Linux 7 openwsman Affected
Red Hat Enterprise Linux 6 openwsman Will not fix
OpenStack 9.0 Director for RHEL 7 openwsman Will not fix
OpenStack 8.0 Director for RHEL 7 openwsman Will not fix

Acknowledgements

This issue was discovered by Adam Mariš (Red Hat).

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started