Advisory ID: KYLIN-2019-3833
Severity: Moderate
Product: Kylin V3
Release date: March 12, 2019
CVE: CVE-2019-3833
CVSS3 score: 7.5
Overview:
Kylin OpenStack Platform currently uses only the client and Python client API bindings, not the server components of openwsman. Additionally, updates for this package are received through the Kylin Enterprise Linux repository. Kylin Enterprise Virtualization uses only the openwsman-python client API bindings, not the server components of openwsman. This issue affects the versions of openwsman as shipped with Kylin Enterprise Linux 6 and 7. Kylin Enterprise Linux 6 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/.
Description:
Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.
System versions:
KYLIN 3.2.x
KYLIN 3.3.x
Affected packages:
openwsman