Fluid Attacks Database

Description

Denial of service in Apache Mesos When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.apache.mesos:mesos	>=0 <1.1.3 \|\| >=1.2.0 <1.2.2 \|\| >=1.3.0 <1.3.1	1.1.3, 1.2.2, 1.3.1

Aliases

1. CVE-2017-76872. NVD-2017-76873. OSV-2017-76874. GCVE-2017-7687

References

1. https://lists.apache.org/thread.html/2c9ed2b07c2b2831a11d21db3cf8408a71fcf2c300d73ca01bad89df@%3Cdev.mesos.apache.org%3E2. http://www.securityfocus.com/bid/101027

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.