CVE-2015-7944
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-7944
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-7944.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2015-7944
- Related
- Published
- 2017-08-18T17:29:01Z
- Modified
- 2025-03-14T05:01:22Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
- References
-
- http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8
- http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8
- http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6
- http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3
- http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2
- http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2
- http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7
- http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
- http://www.debian.org/security/2016/dsa-3431
- http://www.ocert.org/advisories/ocert-2015-012.html
- https://www.exploit-db.com/exploits/39169/
- https://security-tracker.debian.org/tracker/CVE-2015-7944
Affected packages
Debian:11 / ganeti
Package
- Name
- ganeti
- Purl
- pkg:deb/debian/ganeti?arch=source
Debian:12 / ganeti
Package
- Name
- ganeti
- Purl
- pkg:deb/debian/ganeti?arch=source
Debian:13 / ganeti
Package
- Name
- ganeti
- Purl
- pkg:deb/debian/ganeti?arch=source