Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-17555

Published: 04/12/2019 Updated: 13/12/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache olingo

Mailing Lists

Full Disclosure: CVE-2019-17555: Olingo: DoS via Retry-After header vulnerability
CVE-2019-17555: DoS via Retry-After header vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Olingo 400 to 460 The OData v2 versions of Olingo 2x are not affected Description: The AsyncResponseWrapperImpl class reads the Retry-After header and passes it to the Threadsleep() method without any check ...

References

CWE-20https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d65UmudJ_MQkFXEv9YY_wwZbRA3sgtNDzMoLM51Qh%3DRCA%40mail.gmail.com%3Ehttps://nvd.nist.govhttp://seclists.org/oss-sec/2019/q4/117
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook