CVE-2014-0219: Apache Karaf bind shutdown port on loopback interface

Severity: Minor

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache Karaf prior to 4.0.10

Description:

Apache Karaf enables a shutdown port on the loopback interface, which
allows local users to cause a denial of service (shutdown) by sending
a shutdown command to all listening high ports.

This has been fixed in revision:

https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=99365a3

Migration:

Apache Karaf users should upgrade to 4.0.10 or later and disable the
shutdown port.

Credit: This issue was reported by Colm O hEigeartaigh of Talend.
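
An added example, not part of the advisory or of the Karaf project's code: a check for the "disable the shutdown port" step that reads the text of an `etc/config.properties` file. The property name `karaf.shutdown.port` and the rule that a negative value disables the listener are assumptions taken from Karaf's configuration file rather than from this advisory; the sample files are constructed.

```python
"""Audit a Karaf etc/config.properties for the shutdown-port setting."""

SAMPLE_ENABLED = """\
# constructed sample, not from a real installation
karaf.shutdown.port = 0
karaf.shutdown.command = SHUTDOWN
"""

SAMPLE_DISABLED = """\
# constructed sample, not from a real installation
karaf.shutdown.port=-1
"""


def parse_properties(text):
    """Minimal Java .properties parser: key=value or key:value, # and ! comments.

    Line continuations (trailing backslash) are not handled.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def shutdown_port_status(text):
    """Return (status, detail); status is disabled, enabled, unset or invalid."""
    raw = parse_properties(text).get("karaf.shutdown.port")
    if raw is None:
        # The effective value then depends on the installed version's default,
        # so report it for manual review instead of guessing.
        return "unset", "karaf.shutdown.port is not set in this file"
    try:
        port = int(raw)
    except ValueError:
        return "invalid", f"karaf.shutdown.port={raw!r} is not an integer"
    if port < 0:
        # Assumption: a negative port means no shutdown listener is opened.
        return "disabled", f"karaf.shutdown.port={port}"
    where = "a random port" if port == 0 else f"port {port}"
    return "enabled", f"shutdown listener on {where}"


if __name__ == "__main__":
    for sample in (SAMPLE_ENABLED, SAMPLE_DISABLED):
        print(shutdown_port_status(sample))
```

Run it against the file of each instance after upgrading; `unset` and `invalid` results need a manual look at that version's default.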