It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cockpit-project cockpit |
||
fedoraproject fedora - |
||
redhat virtualization 4.0 |