CVE-2017-16816
MEDIUMHTCondor < 8.6.8 and 8.7.x < 8.7.5 - Authenticated Denial of Service in condor_schedd via GSI and VOMS Extensions
Title source: llmDescription
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.
References (2)
Core 2
Core References
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
https://www-auth.cs.wisc.edu/lists/htcondor-users/2017-November/msg00022.shtml
Mitigation, Vendor Advisory x_refsource_confirm
http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html
Scores
CVSS v3
6.5
EPSS
0.0121
EPSS Percentile
64.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
wisc/htcondor
< 8.6.8
Published
Jul 05, 2018
Tracked Since
Feb 18, 2026