Vulnerability Details CVE-2013-0281
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://rhn.redhat.com/errata/RHSA-2013-1635.html
- https://bugzilla.redhat.com/show_bug.cgi?id=891922
- https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
- http://rhn.redhat.com/errata/RHSA-2013-1635.html
- https://bugzilla.redhat.com/show_bug.cgi?id=891922
- https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
Products affected by CVE-2013-0281
-
cpe:2.3:a:clusterlabs:pacemaker:1.1.10
-
cpe:2.3:o:redhat:enterprise_linux:6.0