Race Condition in Atlassian Floodlight Controller
CVE-2015-6569

5.9MEDIUM

Key Information:

Vendor
Atlassian
Status
Floodlight
Vendor
CVE Published:
21 February 2018

Summary

A race condition in the LoadBalancer module of Atlassian Floodlight Controller versions prior to 1.2 allows remote attackers to exploit the system through a state manipulation attack. This vulnerability can lead to a denial of service, characterized by a NULL pointer dereference and a consequent thread crash, which impacts the functionality and reliability of the affected service.

References

https://floodlight.atlassian.net/wiki/spaces/floodlightco...
x_refsource_CONFIRM
https://github.com/floodlight/floodlight/pull/563
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103132
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.