Vulnerabilities > CVE-2015-6569 - NULL Pointer Dereference vulnerability in Atlassian Floodlight

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

atlassian

CWE-476

NVD

Published: 2018-02-21

Updated: 2018-03-19

Summary

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.

Vulnerable Configurations

Part	Description	Count
Application	Atlassian Atlassian Floodlight 0.85 Atlassian Floodlight 0.90 Atlassian Floodlight 0.91 Atlassian Floodlight 1.0 Atlassian Floodlight 1.1 Atlassian Floodlight 1.2	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/floodlight/floodlight/pull/563
https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/24805419/Floodlight+v1.2
http://www.securityfocus.com/bid/103132