Submission #557110: Apereo CAS v5.2.6 ReDos regular expression engine denial of service (info)

Title: Apereo CAS v5.2.6 ReDos regular expression engine denial of service
Description:
1. Vulnerability Name: Apereo CAS application has a ReDoS regular expression engine denial of service vulnerability.
2. Vulnerability level: Medium.
3. Vulnerability discoverer and contributor: 蔡超雄 (caichaoxiong)
4. Vulnerability Description: The query parameters of the Apereo CAS v5.2.6 management console (cas-management) are controllable, and malicious attackers can use carefully constructed regular expressions to exhaust server resources.
5. Vulnerability Risk: Sending a large number of requests with malicious regular expressions will cause all threads in the thread pool to execute regular expression matching, consuming a large amount of CPU resources, making it impossible to respond to normal requests, resulting in a denial of service attack.
Source: ⚠️ https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG
User: caichaoxiong (UID 84060)
Submitted: 2025-04-12 16:19 (1 year ago)
Moderated: 2025-04-26 10:07 (14 days later)
Status: Accepted
VulDB entry: 306321 [Apereo CAS 5.2.6 ResponseEntity Query denial of service]
Points: 17
