CVE-2013-4185

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions before 2013.1.3 OpenStack Compute (Nova) Havana versions before havana-3

Description The issue does not properly handle network source security group policy updates, allowing remote authenticated users to cause a denial of service via a large number of server-creation operations. This triggers a large number of update requests, consuming nova-network resources.

Recommendations For OpenStack Compute (Nova) versions before 2013.1.3, update to version 2013.1.3 or later to resolve the issue. For OpenStack Compute (Nova) Havana versions before havana-3, update to havana-3 or later to resolve the issue.