The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.
References
Link | Resource |
---|---|
https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d65UmudJ_MQkFXEv9YY_wwZbRA3sgtNDzMoLM51Qh%3DRCA%40mail.gmail.com%3E | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-12-04T17:06:18
Updated: 2019-12-04T17:06:18
Reserved: 2019-10-14T00:00:00
Link: CVE-2019-17555
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-04T18:15:16.070
Modified: 2019-12-13T21:29:23.263
Link: CVE-2019-17555
JSON object: View
Redhat Information
No data.
CWE