PT-2014-4910 · Openstack · Openstack Identity

Abu Shohel Ahmed · Published 2014-04-15 · Updated 2022-05-17 · CVE-2014-2828

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3
OpenStack Identity (Keystone) versions icehouse through icehouse-rc1

Description

The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending a large number of the same authentication method in a request. This is related to "authentication chaining" in the V3 API.

Recommendations

For OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3, update to version 2013.2.4 or later.
For OpenStack Identity (Keystone) versions icehouse through icehouse-rc1, update to icehouse-rc2 or later.
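
A defensive check for the condition in the description, as an added example (not Keystone's code and not the upstream fix): it collapses repeated entries in the method list of a V3 authentication request and reports them so a gateway or log pipeline can flag the request. The `auth.identity.methods` layout is the V3 request format; the function name, the cap and the sample bodies are assumptions constructed for illustration.

```python
from collections import Counter

MAX_METHODS = 8  # assumed cap on distinct methods per request (hypothetical value)


def sanitize_auth_methods(body, max_methods=MAX_METHODS):
    """Return (unique_methods, duplicates) for a parsed V3 auth request body.

    unique_methods keeps first-seen order so each method runs at most once;
    duplicates maps every repeated method name to how often it appeared.
    Raises ValueError for malformed input or too many distinct methods.
    """
    try:
        methods = body["auth"]["identity"]["methods"]
    except (KeyError, TypeError):
        raise ValueError("missing auth.identity.methods")
    if not isinstance(methods, list) or not all(isinstance(m, str) for m in methods):
        raise ValueError("methods must be a list of strings")

    counts = Counter(methods)
    unique = list(dict.fromkeys(methods))  # order-preserving de-duplication
    if len(unique) > max_methods:
        raise ValueError("too many distinct authentication methods")
    duplicates = {name: n for name, n in counts.items() if n > 1}
    return unique, duplicates


# Constructed sample bodies (not captured traffic).
NORMAL = {"auth": {"identity": {"methods": ["password"], "password": {}}}}
CHAINED = {"auth": {"identity": {"methods": ["password", "token", "password"]}}}
FLOODED = {"auth": {"identity": {"methods": ["password"] * 10000}}}

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("chained", CHAINED), ("flooded", FLOODED)):
        unique, dupes = sanitize_auth_methods(sample)
        print(label, unique, dupes)
```
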

Fix

DoS

Improper Authentication


Weakness Enumeration

Related identifiers

CVE-2014-2828
GHSA-6MV3-P2GR-WGQF
PYSEC-2014-106
RHSA-2014:1688

Affected products

Openstack Identity