CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1000411
https://notcve.org/view.php?id=CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. • http://seclists.org/oss-sec/2018/q1/52 http://www.securityfocus.com/bid/102736 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1778
https://notcve.org/view.php?id=CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. La autenticación personalizada realm utilizada por karaf-tomcat "opendaylight" en Opendaylight antes Helium SR3 autenticará cualquier nombre de usuario y combinación de contraseña. • http://www.openwall.com/lists/oss-security/2015/03/20/3 http://www.securityfocus.com/bid/73255 https://cloudrouter.org/security https://wiki.opendaylight.org/view/Security_Advisories • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000358
https://notcve.org/view.php?id=CVE-2017-1000358
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. El controlador lanza una excepción y no permite al usuario agregar flujo posterior para un switch en particular. Componente: La característica OpenDaylight odl-restconf contiene este fallo. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000360
https://notcve.org/view.php?id=CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. StreamCorruptedException y NullPointerException en OpenDaylight odl-mdsal-xsql. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000359
https://notcve.org/view.php?id=CVE-2017-1000359
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. Error de falta de memoria en Java y aumento significativo en el consumo de recursos. Componente: OpenDaylight odl-mdsal-xsql es vulnerable a este fallo. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-400: Uncontrolled Resource Consumption •