Cassandra / CASSANDRA-15412

Security vulnerability CVE-2016-4970 for Netty


Details

    • Type: Bug
    • Status: Triage Needed
    • Priority: Normal
    • Resolution: Unresolved
    • Platform: All

    Description

      Cassandra Version: 3.11.4

      Description:
      Severity: CVE CVSS 3.0: 7.5; Sonatype CVSS 3.0: 7.5

      Weakness: Sonatype CWE: 835

      Source: National Vulnerability Database

      Categories: Configuration, Data

      Description from CVE: handler.

      Explanation: Netty is vulnerable to Denial of Service (DoS). The wrap() function in the OpenSslEngine class doesn't properly handle renegotiations, causing the application to hang in an infinite loop. A remote attacker could exploit this vulnerability by sending multiple requests to the application to consume large amounts of CPU cycles, which can result in Denial of Service (DoS).

      The Sonatype security research team discovered that the vulnerability is present from version 4.0.20 up to 4.0.37, not in all versions from 4.0.0 to 4.0.37 as the advisory states.

      Detection: The application is vulnerable by using this component only if the server has renegotiation enabled (which is the default).
      Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970

      Recommendation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
      Workaround:
      Users can use -Djdk.tls.rejectClientInitiatedRenegotiation=true to disable renegotiation and avoid this issue.
      Reference link: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970

      Root Cause: Cassandra-2.2.5.nupkg : OpenSslEngine.class : [4.1.0.Beta1, 4.1.1.Final)

      Advisories: Project: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970

      CVSS Details: CVE CVSS 3.0: 7.5

      People

        Assignee: Unassigned
        Reporter: Abhishek Singh (abhishek.scs)