RSS   Vulnerabilities for 'Openwsman'   RSS

2019-03-14
 
CVE-2019-3833

CWE-399
 

 
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

 
 
CVE-2019-3816

CWE-200
 

 
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

 


Copyright 2019, cxsecurity.com

 

Back to Top