CVE-2017-9790
Published: Sep 28, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Mesos | affected: versions prior to 1.1.3; affected: 1.2.x before 1.2.2; affected: 1.3.x before 1.3.1; affected: 1.4.0-dev |
References
- [dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path. (mailing-list, x_refsource_MLIST)
- 101023 (vdb-entry, x_refsource_BID)