PT-2013-2186 · Openstack · Openstack Keystone
Dan Prince
+2
·
Publicado
2013-02-24
·
Atualizado
2018-11-15
·
CVE-2013-0247
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Keystone versions Essex 2012.1.3 and earlier
OpenStack Keystone versions Folsom 2012.2.3 and earlier
OpenStack Keystone versions Grizzly grizzly-2 and earlier
Description
The issue allows remote attackers to cause a denial of service, specifically disk consumption, by sending many invalid token requests. This triggers the excessive generation of log entries.
Recommendations
For OpenStack Keystone versions Essex 2012.1.3 and earlier, update to a version later than 2012.1.3 to resolve the issue.
For OpenStack Keystone versions Folsom 2012.2.3 and earlier, update to a version later than 2012.2.3 to resolve the issue.
For OpenStack Keystone versions Grizzly grizzly-2 and earlier, update to a version later than grizzly-2 to resolve the issue.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openstack Keystone