CVE-2013-0247 – Keystone: denial of service through invalid token requests

https://notcve.org/view.php?id=CVE-2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. OpenStack Keystone Essex v2012.1.3 y anteriores, y Grizzly grizzly-2 y anteriores permiten a atacantes remotos generar una denegación de servicio (consumo de disco) mediante una solicitud de token inválida que genera una excesiva cantidad de entradas de registro. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html http://rhn.redhat.com/errata/RHSA-2013-0253.html http://www.securityfocus.com/bid/57747 http://www.ubuntu.com/usn/USN-1715-1 https://bugs.launchpad.net/keystone/+bug/1098307 https://bugzilla.redhat.com/show_bug.cgi?id=906171 https://access.redhat.com/security/cve/CVE-2013-0247 • CWE-399: Resource Management Errors •