CVE-2015-5695
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
Designate 2015.1.0 a 1.0.0.0b1, tal y como viene en OpenStack Kilo no ejecuta RecordSets por dominio y Records por cuotas de RecordSet cuando procesa una transferencia de archivos de zona interna, lo que puede permitir que los atacantes remotos causen una denegaciĆ³n de servicio (bucle infinito) mediante una serie de registros de recursos manipulados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-07-28 CVE Reserved
- 2017-08-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/07/28/11 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/07/29/6 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1245241 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/designate/+bug/1471161 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://lists.openstack.org/pipermail/openstack/2015-July/013548.html | 2017-09-12 | |
| https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch | 2017-09-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Designate Search vendor "Openstack" for product "Designate" | 1.0.0.0b1 Search vendor "Openstack" for product "Designate" and version "1.0.0.0b1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Designate Search vendor "Openstack" for product "Designate" | 1.0.0a0 Search vendor "Openstack" for product "Designate" and version "1.0.0a0" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Designate Search vendor "Openstack" for product "Designate" | 2015.1.0 Search vendor "Openstack" for product "Designate" and version "2015.1.0" | - |
Affected
| ||||||