Vulnerability Details : CVE-2014-3712
Potential exploit
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.
Vulnerability category: Denial of service
Products affected by CVE-2014-3712
- cpe:2.3:a:katello:katello:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3712
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3712
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3712
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3712
-
https://bugzilla.redhat.com/show_bug.cgi?id=1155708
1155708 – (CVE-2014-3712) CVE-2014-3712 Katello: user parameters passed to to_symExploit
-
http://seclists.org/oss-sec/2014/q4/419
oss-sec: CVE-2014-3712 Katello: user parameters passed to to_symExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97724
Katello to_sym denial of service CVE-2014-3712 Vulnerability Report
-
http://www.securityfocus.com/bid/70707
Katello CVE-2014-3712 Multiple Denial of Service Vulnerabilities
Jump to