CVE-2014-7246

Published Nov 14, 2014

Last updated 10 years ago

CVSS info 3.5

Overview

Description: The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:forgerock:openam:9.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26AF6EC8-2956-4501-8E7F-CF4204816C4C"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:9.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17E53F0B-6B53-411D-A494-03C7650FC6E7"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:9.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EE51772-F55E-4914-8FDB-D7CC2B2C55AB"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:10.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9E6F352-387A-40E4-9FB2-4F54C936E0CC"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A6C20AA-A592-4D45-8A3D-CAF4E1044E86"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:10.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA03FC65-D439-4B5A-92A7-70F3E809E0AE"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:10.1.0:*:*:*:xpress:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D9D9864-1634-4D81-93AC-54813DDD9F64"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B106534-B696-4CEE-BA72-6AD5E51CC21F"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A8FC7A9-B3A0-47BF-9C09-EF0D45CB9917"
          },
          {
            "criteria": "cpe:2.3:a:forgerock:openam:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0B6069F-9166-4072-8E05-A8688561DD20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References