1095974 – (CVE-2014-0219) CVE-2014-0219 Karaf: denial of service via shutdown port

Bug 1095974 (CVE-2014-0219) - CVE-2014-0219 Karaf: denial of service via shutdown port

Summary: CVE-2014-0219 Karaf: denial of service via shutdown port

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-0219
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1114831 1114832 1114833 1114834 1114836 1114837 1114838 1114839 1114840
Blocks:	1095979 1196295
TreeView+	depends on / blocked

Reported:	2014-05-09 01:35 UTC by David Jorm
Modified:	2023-05-12 17:58 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:44:48 UTC
Embargoed:

Attachments	(Terms of Use)

Description David Jorm 2014-05-09 01:35:46 UTC

It was found that Apache Karaf enables a shutdown port, which could be used by a local attacker to shutdown the Karaf server. By default, the shutdown port is bound to a random high port, listening only on the loopback interface. A local attacker could send the shutdown command to all listening high ports, and shutdown the Karaf server.

Comment 3 Trevor Jay 2014-09-03 01:00:26 UTC

Acknowledgements:

This issue was discovered by David Jorm of Red Hat Product Security.

Note You need to log in before you can comment on or make changes to this bug.