Apache Mesos Denial of Service Vulnerability in Libprocess
CVE-2017-9790

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Mesos
Vendor: CVE Published:; 29 September 2017

What is CVE-2017-9790?

A flaw in the libprocess component of Apache Mesos allows for denial of service attacks when handling HTTP requests lacking a defined request path. This issue arises in various versions prior to 1.1.3, 1.2.2, 1.3.1, and the 1.4.0-dev version, where the absence of a request path causes the parser to fail, potentially crashing the Mesos master. Exploitation of this vulnerability could lead to inoperability of the Mesos-controlled cluster, severely impacting service availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Mesos versions prior to 1.1.3

Apache Mesos 1.2.x before 1.2.2

Apache Mesos 1.3.x before 1.3.1

References

https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/101023

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
Jun 21, 2017

JSON

Apache

What is CVE-2017-9790?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.