{"containers":{"cna":{"affected":[{"product":"Apache Mesos","vendor":"Apache Software Foundation","versions":[{"status":"affected","version":"versions prior to 1.1.3"},{"status":"affected","version":"1.2.x before 1.2.2"},{"status":"affected","version":"1.3.x before 1.3.1"},{"status":"affected","version":"1.4.0-dev"}]}],"datePublic":"2017-09-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."}],"problemTypes":[{"descriptions":[{"description":"Denial of Service","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-29T09:57:01.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"name":"[dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5b54b6be7aa6e3c78edad5aaff430e7de028b%40%3Cdev.mesos.apache.org%3E"},{"name":"101023","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/101023"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","DATE_PUBLIC":"2017-09-26T00:00:00","ID":"CVE-2017-9790","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Mesos","version":{"version_data":[{"version_value":"versions prior to 1.1.3"},{"version_value":"1.2.x before 1.2.2"},{"version_value":"1.3.x before 1.3.1"},{"version_value":"1.4.0-dev"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service"}]}]},"references":{"reference_data":[{"name":"[dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.","refsource":"MLIST","url":"https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5b54b6be7aa6e3c78edad5aaff430e7de028b@%3Cdev.mesos.apache.org%3E"},{"name":"101023","refsource":"BID","url":"http://www.securityfocus.com/bid/101023"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T17:18:01.977Z"},"title":"CVE Program Container","references":[{"name":"[dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5b54b6be7aa6e3c78edad5aaff430e7de028b%40%3Cdev.mesos.apache.org%3E"},{"name":"101023","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/101023"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2017-9790","datePublished":"2017-09-28T20:00:00.000Z","dateReserved":"2017-06-21T00:00:00.000Z","dateUpdated":"2024-09-16T22:14:23.745Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}