Local Denial of Service Vulnerability in Apache Karaf by Apache
CVE-2014-0219

5.5MEDIUM

Key Information:

Vendor
Apache
Status
Karaf
Vendor
CVE Published:
15 November 2017

Summary

Apache Karaf versions prior to 4.0.10 expose a vulnerability that allows local users to trigger a local denial of service. This is achieved by exploiting an open shutdown port on the loopback interface, enabling the users to send a shutdown command to all listening high ports. This can result in the unintended shutdown of the service, impacting applications that rely on Karaf for operation.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1095974
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101872
vdb-entryx_refsource_BID
http://karaf.apache.org/security/cve-2014-0219.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.