Openwsman process_connection() Remote Denial of Service Vulnerability

By GIXnews

A vulnerability in the process_connection() function of Openwsman could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper parsing of HTTP requests by the affected software. An attacker could exploit this vulnerability by sending an HTTP request that submits malicious input to the targeted system which could trigger an infinite loop in the process_connection() function of the affected software. A successful exploit allow the attacker to cause a DoS condition on the targeted system.

Openwsman has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: High

CVE: CVE-2019-3833

Source:: Cisco Multivendor Vulnerability Alerts