Resource Exhaustion Vulnerability in PyKMIP Server

Resource Exhaustion Vulnerability in PyKMIP Server

CVE-2018-1000872 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.

Learn more about our Cis Benchmark Audit For Server Software.