Vulnerability Details : CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-5250
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-5250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2015-5250
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5250
-
https://access.redhat.com/errata/RHSA-2015:1736
RHSA-2015:1736 - Security Advisory - Red Hat Customer Portal
-
https://github.com/openshift/origin/issues/4374
Can kill OpenShift process with go panic by invalid json file · Issue #4374 · openshift/origin · GitHubVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1259867
1259867 – (CVE-2015-5250) CVE-2015-5250 OpenShift: Malformed JSON can cause API process crash
Products affected by CVE-2015-5250
- cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*