Summaryinfo

A vulnerability was found in Katello. It has been declared as problematic. This affects the function respond. Executing a manipulation of the argument action can lead to resource management. This vulnerability appears as CVE-2014-3712. There is no available exploit.

Detailsinfo

A vulnerability has been found in Katello (version now known) and classified as problematic. This vulnerability affects the function respond. The manipulation of the argument action with an unknown input leads to a resource management vulnerability. The CWE definition for the vulnerability is CWE-399. As an impact it is known to affect availability. CVE summarizes:

Katello allows remote attackers to cause a denial foser service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.

The weakness was presented 11/03/2014 as Bug 1155708 as not defined bug report (Bugzilla). The advisory is available at bugzilla.redhat.com. This vulnerability was named CVE-2014-3712 since 05/14/2014. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (97724) and SecurityFocus (BID 70707†). Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• Katello

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion