Denial of Service Vulnerability in Apache Mesos libprocess
CVE-2017-7687
7.5 HIGH
Summary
The vulnerability in Apache Mesos is caused by a flaw in the libprocess component, which mishandles decoding failures for malformed URL paths in HTTP requests. When triggered, this flaw can crash Mesos masters, rendering the associated Mesos-controlled cluster inoperable. A malicious actor exploiting this vulnerability could cause a denial of service, impacting availability and operational continuity.
Affected Version(s)
Apache Mesos versions prior to 1.1.3
Apache Mesos 1.2.x before 1.2.2
Apache Mesos 1.3.x before 1.3.1
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved