漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service
Vulnerability Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
缺省权限不正确
Vulnerability Title
Wazuh 安全漏洞
Vulnerability Description
Wazuh是Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.7.3及之前版本存在安全漏洞,该漏洞源于对客户端发起的SSL/TLS重新协商限制不当,可能导致远程攻击者造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A