CVE-2014-0219

CWE-20Improper Input Validation6 documents6 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 76.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Karaf
Timeline
PublishedNov 15
Latest updateMay 14

Description

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/karaf< 4.0.10

🔴Vulnerability Details

3
OSV
Improper Input Validation in Apache Karaf2022-05-14
GHSA
Improper Input Validation in Apache Karaf2022-05-14
CVEList
CVE-2014-0219: Apache Karaf before 42017-11-15

📋Vendor Advisories

1
Red Hat
Karaf: denial of service via shutdown port2015-03-19

💬Community

1
Bugzilla
CVE-2014-0219 Karaf: denial of service via shutdown port2014-05-09
CVE-2014-0219 (MEDIUM CVSS 5.5) | Apache Karaf before 4.0.10 enables | cvebase.io