CVE-2015-7944

HIGH

Ganeti <2.9.7-2.15.2 - DoS

Title source: llm

Description

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Exploits (1)

exploitdb WORKING POC
by Pierre Kim · perldosmultiple
https://www.exploit-db.com/exploits/39169

References (11)

Scores

CVSS v3 7.5
EPSS 0.1895
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-399
Status published
Products (30)
spi-inc/ganeti 2.10.0 (5 CPE variants)
spi-inc/ganeti 2.10.1
spi-inc/ganeti 2.10.2
spi-inc/ganeti 2.10.3
spi-inc/ganeti 2.10.4
spi-inc/ganeti 2.10.5
spi-inc/ganeti 2.10.6
spi-inc/ganeti 2.10.7
spi-inc/ganeti 2.11.0 (3 CPE variants)
spi-inc/ganeti 2.11.1
... and 20 more
Published Aug 18, 2017
Tracked Since Feb 18, 2026