cassandra-commits mailing list archives

From "Abhishek Singh (Jira)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty
Date Tue, 12 Nov 2019 16:26:00 GMT
Abhishek Singh created CASSANDRA-15412:
------------------------------------------

             Summary: Security vulnerability CVE-2016-4970 for Netty 
                 Key: CASSANDRA-15412
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15412
             Project: Cassandra
          Issue Type: Bug
            Reporter: Abhishek Singh


*Cassandra Version: 3.11.4*

*Description :*
*Severity :* CVE CVSS 3.0: 7.5; Sonatype CVSS 3.0: 7.5

*Weakness :* Sonatype CWE: 835

*Source :* National Vulnerability Database

*Categories :* ConfigurationData

*Description from CVE :* handler.

*Explanation :* Netty is vulnerable to Denial of Service (DoS). The wrap() function in the
OpenSslEngine class doesn't properly handle renegotiations, causing the application to hang
in an infinite loop. A remote attacker could exploit this vulnerability by sending multiple
requests to the application to consume large amounts of CPU cycles, which can result in Denial
of Service (DoS).

The Sonatype security research team discovered that the vulnerability is present in version
4.0.20 until 4.0.37, not in all the versions from 4.0.0 till 4.0.37 as the advisory states.

*Detection :* The application is vulnerable through this component only if the server has
renegotiation enabled (which is the default).
Reference: [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970]

*Recommendation :* We recommend upgrading to a version of this component that is not vulnerable
to this specific issue.
Workaround:
Users can use -Djdk.tls.rejectClientInitiatedRenegotiation=true to disable renegotiation and
avoid this issue.
Reference link: [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970]

*Root Cause :* Cassandra-2.2.5.nupkg, OpenSslEngine.class : [4.1.0.Beta1, 4.1.1.Final)
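The ticket gives two affected version windows (the Sonatype note of 4.0.20 until 4.0.37, and the root-cause range [4.1.0.Beta1, 4.1.1.Final)) plus a JVM-option workaround, but no way to check a node against them. The script below is an added example written for this page, not part of the ticket or of Cassandra itself: it parses Netty version strings the way Netty releases sort (Alpha < Beta < CR < Final), flags jar file names whose version falls inside either window, and reports whether the recommended `-Djdk.tls.rejectClientInitiatedRenegotiation=true` option is present in a JVM option string. Treating the lower bound of each window as inclusive and the upper bound as exclusive is an assumption made here, and the jar listing and JVM options are constructed sample data, not taken from any real deployment.

```python
"""Added example (not from CASSANDRA-15412): flag Netty jars whose version lies in
the ranges the ticket gives for CVE-2016-4970, and check for the workaround flag."""
import re
from typing import List, Optional, Tuple

# Version windows copied from the ticket text. Lower bound inclusive and upper
# bound exclusive is an assumption of this example, not a statement of the ticket.
AFFECTED_RANGES = [
    ("4.0.20", "4.0.37", "Sonatype note: 4.0.20 until 4.0.37"),
    ("4.1.0.Beta1", "4.1.1.Final", "root cause: [4.1.0.Beta1, 4.1.1.Final)"),
]

# Netty pre-release qualifiers sort before Final; a bare x.y.z is read as Final.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}

# Workaround option as given in the ticket's recommendation section.
WORKAROUND_FLAG = "-Djdk.tls.rejectClientInitiatedRenegotiation=true"

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?$")
JAR_RE = re.compile(r"^netty(?:-[a-z0-9]+)*-(\d+\.\d+\.\d+(?:\.[A-Za-z0-9]+)?)\.jar$")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Turn '4.1.0.Beta1' into a tuple that orders the way Netty releases do."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Netty version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    qualifier = (m.group(4) or "Final").lower()
    if qualifier not in QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier in {version!r}")
    return (major, minor, patch, QUALIFIER_RANK[qualifier], int(m.group(5) or 0))


def affected_range(version: str) -> Optional[str]:
    """Return the label of the affected window containing `version`, else None."""
    key = parse_version(version)
    for low, high, label in AFFECTED_RANGES:
        if parse_version(low) <= key < parse_version(high):
            return label
    return None


def jar_version(jar_name: str) -> Optional[str]:
    """Extract the version from a Netty artifact name such as
    'netty-all-4.0.44.Final.jar'; names that are not Netty jars give None."""
    m = JAR_RE.match(jar_name)
    return m.group(1) if m else None


def scan_jars(jar_names: List[str]) -> List[Tuple[str, str, str]]:
    """List (jar, version, window label) for every Netty jar in an affected window."""
    findings = []
    for name in jar_names:
        version = jar_version(name)
        if version is None:
            continue
        label = affected_range(version)
        if label is not None:
            findings.append((name, version, label))
    return findings


def has_workaround(jvm_opts: str) -> bool:
    """True if the renegotiation workaround from the ticket is among the JVM options."""
    return WORKAROUND_FLAG in jvm_opts.split()


if __name__ == "__main__":
    # Constructed sample lib/ listing and JVM options; not taken from any real node.
    sample_jars = [
        "netty-all-4.0.23.Final.jar",
        "netty-handler-4.1.0.Beta8.jar",
        "netty-all-4.0.44.Final.jar",
        "guava-18.0.jar",
    ]
    sample_opts = "-Xmx8G -Djdk.tls.rejectClientInitiatedRenegotiation=true"
    for jar, version, label in scan_jars(sample_jars):
        print(f"{jar}: {version} is inside an affected window ({label})")
    print("renegotiation workaround present:", has_workaround(sample_opts))
```

On a real node the jar list would come from the directory where Cassandra keeps its libraries and the option string from the JVM options file, both of which vary by installation; the ranges themselves should be re-checked against the advisory before a result is acted on, since the ticket notes that the advisory and Sonatype disagree on the lower 4.0.x bound.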

*Advisories :* Project: [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970]

*CVSS Details :* CVE CVSS 3.0: 7.5



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


