CVE-2014-3712 - Resource Management Errors vulnerability in Katello
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.
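The pattern the summary describes, next to an allowlist lookup that avoids it. This is an added illustration, not Katello's code; the mode names, helper names and sample values are hypothetical.

```ruby
# Added illustration; not Katello source. Mode names and helpers are hypothetical.

# Pattern from the summary: a request parameter handed straight to to_sym.
# On Ruby versions before 2.2 symbols are never garbage collected, so each
# distinct value a client sends stays in the symbol table for the life of
# the process.
def unsafe_mode(params)
  params[:mode].to_sym
end

# Hardened form: look the string up in a fixed table. No symbol is ever
# created from client input, and unknown values fall back to a default.
ALLOWED_MODES = {
  "all"    => :all,
  "shared" => :shared,
  "unique" => :unique
}.freeze

def safe_mode(params, default = :all)
  ALLOWED_MODES.fetch(params[:mode].to_s, default)
end

# Reports the change in symbol-table size while a converter processes a
# batch of constructed, previously unseen parameter values.
def symbols_added(values)
  GC.start
  before = Symbol.all_symbols.size
  values.each { |v| yield({ mode: v }) }
  Symbol.all_symbols.size - before
end

if __FILE__ == $PROGRAM_NAME
  sample = Array.new(1000) { |i| "constructed_mode_#{i}" }
  puts "to_sym:    +#{symbols_added(sample) { |p| unsafe_mode(p) }} symbols"
  puts "allowlist: +#{symbols_added(sample) { |p| safe_mode(p) }} symbols"
end
```
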
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- http://seclists.org/oss-sec/2014/q4/419
- http://www.securityfocus.com/bid/70707
- https://bugzilla.redhat.com/show_bug.cgi?id=1155708
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97724