CVE-2019-3833
14.03.2019, 22:29
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openwsman_project | openwsman | 𝑥 ≤ 2.6.9 |
| opensuse | leap | 15.0 |
| opensuse | leap | 42.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libwsman-devel |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman1 |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman3 |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman_clientpp1 |
| ||||||||||||||||||||||||||||||||||||||||
| openwsman-server |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| libwsman-devel |
| ||||
| libwsman1 |
| ||||
| openwsman-client |
| ||||
| openwsman-perl |
| ||||
| openwsman-python |
| ||||
| openwsman-python3 |
| ||||
| openwsman-ruby |
| ||||
| openwsman-server |
|
Common Weakness Enumeration
References