What is CVE-2019-17555?

CVE-2019-17555 is a vulnerability in Apache Olingo. Published 2019-12-04.

Is CVE-2019-17555 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Olingo

CVE-2019-17555

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can he…

EPSS: 0.022 (84.8th percentile) — read the EPSS interpretation.

Affected products

Apache Olingo — versions 4.0.0 to 4.6.0

Public proof-of-concept exploits

alphaSeclab/sec-daily-2019

References

[olingo-user] 20191204 [SECURITY] CVE-2019-17555: DoS via Retry-After header vulnerability (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-17555?: CVE-2019-17555 is a vulnerability in Apache Olingo. Published 2019-12-04.
Is CVE-2019-17555 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.