PT-2013-2203 · Openstack · Openstack Keystone

Publicado

2013-04-12

Atualizado

2022-05-05

CVE-2013-0270

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 2013.1 OpenStack Keystone version Folsom

Description The issue allows remote attackers to cause a denial of service, consuming CPU and memory resources, by sending a large HTTP request. This can be achieved by including a long tenant name when requesting a token.

Recommendations For OpenStack Keystone versions prior to 2013.1, update to version 2013.1 or later to resolve the issue. For OpenStack Keystone version Folsom, consider restricting the length of the tenant name parameter in token requests as a temporary workaround until a patch is available.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-1284

Identificadores relacionados

CVE-2013-0270

GHSA-4PPJ-4P4V-JF4P

RHSA-2013:0708

Produtos afetados

Openstack Keystone

PT-2013-2203 · Openstack · Openstack Keystone

CVE-2013-0270

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12