Vulnerabilities related to sks_keyserver_project - sks_keyserver
cve-2019-13050
Vulnerability from cvelistv5
Published
2019-06-29 16:07
Modified
2024-08-04 23:41
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:41:09.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K08654551", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:07:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K08654551", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13050", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Interaction between the sks-keyserver 
code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", refsource: "MISC", url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { name: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", refsource: "CONFIRM", url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { name: "https://twitter.com/lambdafu/status/1147162583969009664", refsource: "MISC", url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { name: "https://support.f5.com/csp/article/K08654551", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K08654551", }, { name: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&utm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13050", datePublished: "2019-06-29T16:07:13", dateReserved: "2019-06-29T00:00:00", dateUpdated: "2024-08-04T23:41:09.920Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3207
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 10:35
Summary
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/67198 | vdb-entry, x_refsource_BID | |
https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724 | x_refsource_CONFIRM | |
https://bugzilla.mozilla.org/show_bug.cgi?id=952077 | x_refsource_MISC | |
http://secunia.com/advisories/57965 | third-party-advisory, x_refsource_SECUNIA | |
https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:35:56.958Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "67198", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/67198", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", }, { name: "57965", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57965", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-12-19T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-05-08T12:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "67198", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/67198", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", }, { name: "57965", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57965", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-3207", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "67198", refsource: "BID", url: "http://www.securityfocus.com/bid/67198", }, { name: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", refsource: "CONFIRM", url: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", refsource: "MISC", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", }, { name: "57965", refsource: "SECUNIA", url: "http://secunia.com/advisories/57965", }, { name: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", refsource: "CONFIRM", url: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-3207", datePublished: "2014-05-08T14:00:00", dateReserved: "2014-05-03T00:00:00", dateUpdated: "2024-08-06T10:35:56.958Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2014-05-08 14:29
Modified
2024-11-21 02:07
Summary
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sks_keyserver_project | sks_keyserver | * | |
sks_keyserver_project | sks_keyserver | 0.1.0 | |
sks_keyserver_project | sks_keyserver | 0.1.1 | |
sks_keyserver_project | sks_keyserver | 0.1.2 | |
sks_keyserver_project | sks_keyserver | 0.1.3 | |
sks_keyserver_project | sks_keyserver | 1.0.2 | |
sks_keyserver_project | sks_keyserver | 1.0.3 | |
sks_keyserver_project | sks_keyserver | 1.0.5 | |
sks_keyserver_project | sks_keyserver | 1.1.0 | |
sks_keyserver_project | sks_keyserver | 1.1.1 | |
sks_keyserver_project | sks_keyserver | 1.1.2 | |
sks_keyserver_project | sks_keyserver | 1.1.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*", matchCriteriaId: "48F016D6-A3D6-4711-8F37-461571D3FD68", versionEndIncluding: "1.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D8584DEF-5884-4DF3-8AE5-4332D0B184A0", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "23403D8A-F645-4903-9060-74A32C3DF013", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9231329F-61F3-4EF7-A68C-5DB510FF49A7", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "793CF0F6-F334-4500-BA49-F1C79F936ABE", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FB6E81E5-A3FD-4F4D-8C8E-804D282D03FA", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BC802D6A-5467-4046-ACFA-ED2EF6378230", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9D474C98-4AFA-41DC-8FE2-3A323F4CCFAA", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6998DFA8-1F12-44C7-8A43-A0A7DE5AE79F", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "DE028977-3D26-4D8D-97B8-DAED98B29370", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "C6C25434-2108-408E-978E-954D5DB79C0E", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7C5CA2FE-5538-4C23-9C72-12BC7B68DB17", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.", }, { lang: "es", value: "Vulnerabilidad de XSS en wserver.ml en SKS Keyserver anterior a 1.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de PATH_INFO hacia pks/lookup/undefined1.", }, ], id: "CVE-2014-3207", lastModified: "2024-11-21T02:07:41.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-05-08T14:29:15.687", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57965", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/67198", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", }, { source: "cve@mitre.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/67198", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=952077", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-29 17:15
Modified
2024-11-21 04:24
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
sks_keyserver_project | sks_keyserver | * | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
f5 | traffix_signaling_delivery_controller | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", matchCriteriaId: "3BE9A5D9-E6DA-4C10-B054-DCFA4B5A2FE0", versionEndIncluding: "2.2.16", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*", matchCriteriaId: "AB5F6B3A-38B8-4B82-A29A-B4F2609FC795", versionEndIncluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, { lang: "es", value: "La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración keyserver de GnuPG que se refiera a un host en la red SKS keyserver. La recuperación de datos de esta red puede causar una denegación de servicio persistente, debido a un Ataque de Spamming de Certificado.", }, ], id: "CVE-2019-13050", lastModified: "2024-11-21T04:24:06.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-29T17:15:08.627", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { source: "cve@mitre.org", 
url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K08654551", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K08654551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }