Denial of Service via SSL Parameter Renegotiation in Ganeti RESTful Control Interface

Denial of Service via SSL Parameter Renegotiation in Ganeti RESTful Control Interface

CVE-2015-7944 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Learn more about our Api Penetration Testing.