admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-39xx/CVE-2021-3909.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

164 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-3909",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2021-11-11T22:15:07.923",
"lastModified": "2022-04-04T14:02:00.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive."
},
{
"lang": "es",
"value": "OctoRPKI no limita la duraci\u00f3n de una conexi\u00f3n, permitiendo que se produzca un ataque slowloris DOS que hace que OctoRPKI espere eternamente. En concreto, el repositorio al que OctoRPKI env\u00eda peticiones HTTP mantendr\u00e1 la conexi\u00f3n abierta durante un d\u00eda antes de que se devuelva una respuesta, pero sigue alimentando con nuevos bytes para mantener viva la conexi\u00f3n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "A39C112F-E066-40D1-9CAC-9D9F89B467EE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244",
"source": "cna@cloudflare.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2021/dsa-5033",
"source": "cna@cloudflare.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2022/dsa-5041",
"source": "cna@cloudflare.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink