← Back

CVE-2014-3648

nvd nist
Published: Jul 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.

Affected (1)

Redhat
1 product
Jboss Aerogear
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jboss Aerogear
Version 1.0.0

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: secalert@redhat.com
Issue TrackingPermissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPermissions RequiredVendor Advisory

Timeline

No history available yet.