Vulnerability Details CVE-2018-1000872
OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2018-1000872
-
cpe:2.3:a:pykmip_project:pykmip:0.0.1
-
cpe:2.3:a:pykmip_project:pykmip:0.1.0
-
cpe:2.3:a:pykmip_project:pykmip:0.1.1
-
cpe:2.3:a:pykmip_project:pykmip:0.2.0
-
cpe:2.3:a:pykmip_project:pykmip:0.3.0
-
cpe:2.3:a:pykmip_project:pykmip:0.3.1
-
cpe:2.3:a:pykmip_project:pykmip:0.3.2
-
cpe:2.3:a:pykmip_project:pykmip:0.3.3
-
cpe:2.3:a:pykmip_project:pykmip:0.4.0
-
cpe:2.3:a:pykmip_project:pykmip:0.4.1
-
cpe:2.3:a:pykmip_project:pykmip:0.5.0
-
cpe:2.3:a:pykmip_project:pykmip:0.6.0
-
cpe:2.3:a:pykmip_project:pykmip:0.7.0