Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_desktop | 7.0 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_eus | 8.1 |
| openwsman_project | openwsman | * |
| fedoraproject | fedora | 29 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 28 |
| opensuse | leap | 42.3 |
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 30 |
| opensuse | leap | 15.0 |
| openwsman_project | openwsman | * |
| fedoraproject | fedora | 29 |
| fedoraproject | fedora | 28 |
| opensuse | leap | 42.3 |