{ "schema_version": "1.4.0", "id": "GHSA-g6j6-f58r-vgxm", "modified": "2025-04-20T03:43:17Z", "published": "2022-05-13T01:06:54Z", "aliases": [ "CVE-2015-7944" ], "details": "The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7944" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/39169" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2" }, { "type": "WEB", "url": "http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2016/dsa-3431" }, { "type": "WEB", "url": "http://www.ocert.org/advisories/ocert-2015-012.html" } ], "database_specific": { "cwe_ids": [], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-08-18T17:29:00Z" } }