CVE-2017-1000361
https://notcve.org/view.php?id=CVE-2017-1000361
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. DOMRpcImplementationNotAvailableException al enviar paquetes Port-Status a OpenDaylight. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf •
CVE-2015-1612
https://notcve.org/view.php?id=CVE-2015-1612
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay." Plugin OpenFlow para OpenDaylight en versiones anteriores a Helium SR3 permite a atacantes remotos falsificar la topología SDN y afectar al flujo de datos, relacionados con la reutilización de los paquetes LLDP, también conocido como "LLDP Relay". • http://www.internetsociety.org/sites/default/files/10_4_2.pdf http://www.securityfocus.com/bid/73254 https://cloudrouter.org/security https://git.opendaylight.org/gerrit/#/c/16193 https://git.opendaylight.org/gerrit/#/c/16208 https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP • CWE-20: Improper Input Validation •
CVE-2015-1611
https://notcve.org/view.php?id=CVE-2015-1611
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." Plugin OpenFlow para OpenDaylight en versiones anteriores a Helium SR3 permite a atacantes remotos falsificar la topología SDN y afectar al flujo de datos, relacionados con "falsa inyección LLDP". • http://www.internetsociety.org/sites/default/files/10_4_2.pdf http://www.securityfocus.com/bid/73254 https://cloudrouter.org/security https://git.opendaylight.org/gerrit/#/c/16193 https://git.opendaylight.org/gerrit/#/c/16208 https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP • CWE-20: Improper Input Validation •
CVE-2015-1610
https://notcve.org/view.php?id=CVE-2015-1610
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." hosttracker en OpenDaylight l2switch permite a atacantes remotos cambiar la información de ubicación del anfitrión suplantando la dirección MAC, vulnerabilidad también conocida como "topology spoofing". • http://www.internetsociety.org/sites/default/files/10_4_2.pdf http://www.securityfocus.com/bid/73251 https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-5035
https://notcve.org/view.php?id=CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue. El servicio Netconf (TCP) en OpenDaylight 1.0 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad en un mensaje XML-RPC, relacionado con un problema de entidad externa XML (XXE). • http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html http://seclists.org/fulldisclosure/2014/Aug/34 http://www.securityfocus.com/archive/1/533114/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/95254 •