CVE-2015-7944

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
References
Link Resource
http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 Release Notes Vendor Advisory
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2016/dsa-3431
http://www.ocert.org/advisories/ocert-2015-012.html Patch Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/39169/
http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 Release Notes Vendor Advisory
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 Release Notes Vendor Advisory
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2016/dsa-3431
http://www.ocert.org/advisories/ocert-2015-012.html Patch Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/39169/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:spi-inc:ganeti:*:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.4:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.6:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.7:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.4:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.5:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.6:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.7:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.12.5:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.13.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.13.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.0:beta2:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.15.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.15.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.15.1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type Values Removed Values Added
References () http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 - Release Notes, Vendor Advisory
References () http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 - Release Notes, Vendor Advisory () http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 - Release Notes, Vendor Advisory
References () http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html - Patch, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html - Patch, Third Party Advisory, VDB Entry
References () http://www.debian.org/security/2016/dsa-3431 - () http://www.debian.org/security/2016/dsa-3431 -
References () http://www.ocert.org/advisories/ocert-2015-012.html - Patch, Third Party Advisory, VDB Entry () http://www.ocert.org/advisories/ocert-2015-012.html - Patch, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/39169/ - () https://www.exploit-db.com/exploits/39169/ -

Information

Published : 2017-08-18 17:29

Updated : 2024-11-21 02:37


NVD link : CVE-2015-7944

Mitre link : CVE-2015-7944

CVE.ORG link : CVE-2015-7944


JSON object : View

Products Affected

spi-inc

  • ganeti
CWE
CWE-399

Resource Management Errors