[CKAN-Security] CKAN v2.3 : DoS vulnerability with API

judicael.coryn at amicam.cnafmail.fr judicael.coryn at amicam.cnafmail.fr
Mon Jul 20 08:53:42 UTC 2015


Hello,

During a black box pentest in our company, we discovered the 
possibility to crash the CKAN server. It's possible to cause a DoS with one 
CKAN API function.

How can we report this issue to you?

Best regards,



   Judicaël CORYN

   tel: 02.43.61.33.04
   judicael.coryn at amicam.cnafmail.fr
   mobile: 06.24.19.10.05



 To help protect the environment, please print this e-mail only if 
necessary.