The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 | x_refsource_CONFIRM |
| http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3431 | vendor-advisory x_refsource_DEBIAN |
| http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 | x_refsource_CONFIRM |
| http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html | x_refsource_MISC |
| https://www.exploit-db.com/exploits/39169/ | exploit x_refsource_EXPLOIT-DB |
| http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 | x_refsource_CONFIRM |
| http://www.ocert.org/advisories/ocert-2015-012.html | x_refsource_MISC |
| http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 | x_refsource_CONFIRM |
| http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |