Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2011.3 through 2012.2

Description The issue allows remote attackers to bypass intended access restrictions due to improper protocol checking when security groups are created and the network protocol is not specified entirely in lowercase.

Recommendations For OpenStack Compute (Nova) versions 2011.3 through 2012.2, consider updating the API to properly handle protocol specifications. As a temporary workaround, ensure that all network protocols are specified entirely in lowercase when creating security groups.