Vulnerabilities > CVE-2014-3712 - Resource Management Errors vulnerability in Katello
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |