Vulnerability CVE-2015-7944
Published: 2017-08-18

Description:
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Ganeti Leaked Secret / Denial Of Service
Daniele Bianco
03.01.2016
Med.
Ganeti Denial Of Service / Information Disclosure
Pierre Kim
05.01.2016

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Ganeti project -> Ganeti 

 References:
http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
http://www.debian.org/security/2016/dsa-3431
http://www.ocert.org/advisories/ocert-2015-012.html
https://www.exploit-db.com/exploits/39169/
Copyright 2024, cxsecurity.com

 

Back to Top