CVE-2017-7687

6 documents5 sources

Severity

7.5HIGH

EPSS

3.2%

top 12.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Mesos Apache Software Foundation Apache Mesos

Timeline

PublishedSep 29

Latest updateMay 13

Description

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.mesos:mesos1.2.0 — 1.2.2+2

▶NVDapache/mesos1.1.2+5

▶CVEListV5apache_software_foundation/apache_mesos4 versions+3

🔴Vulnerability Details

GHSA

Denial of service in Apache Mesos↗2022-05-13

▶

OSV

Denial of service in Apache Mesos↗2022-05-13

▶

CVEList

CVE-2017-7687: When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1↗2017-09-28

▶

💬Community

Bugzilla

CVE-2017-9790 CVE-2017-7687 mesos: Multiple security issues↗2017-09-27

▶

Bugzilla

CVE-2017-7687 CVE-2017-9790 mesos: Multiple security issues [fedora-all]↗2017-09-27

▶