PT-2013-2186 · Openstack · Openstack Keystone
Dan Prince
+2
·
Published
2013-02-24
·
Updated
2018-11-15
·
CVE-2013-0247
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Keystone versions Essex 2012.1.3 and earlier
OpenStack Keystone versions Folsom 2012.2.3 and earlier
OpenStack Keystone versions Grizzly grizzly-2 and earlier
Description
The issue allows remote attackers to cause a denial of service, specifically disk consumption, by sending many invalid token requests. This triggers the excessive generation of log entries.
Recommendations
For OpenStack Keystone versions Essex 2012.1.3 and earlier, update to a version later than 2012.1.3 to resolve the issue.
For OpenStack Keystone versions Folsom 2012.2.3 and earlier, update to a version later than 2012.2.3 to resolve the issue.
For OpenStack Keystone versions Grizzly grizzly-2 and earlier, update to a version later than grizzly-2 to resolve the issue.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Keystone