CVE-2013-4155
OpenStack: Swift Denial of Service using superfluous object tombstones
Severity Score
Exploit Likelihood
Affected Versions
35Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.
OpenStack Swift nateior a 1.9.1 en Folsom, Grizzly, y Havana, permite a usuarios autenticados provocar una denegación de servicio (consumo superfluo de tombstone y desaceleración del clúster Swift) a través de una petición DELETE con un timestamp que es más antiguo que el esperado.
OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. A denial of service flaw in OpenStack Swift allowed attackers to fill the object server with object tombstones. This could lead to subsequent requests from legitimate users taking an excessive amount of time. This issue was discovered by Peter Portante of Red Hat. All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Swift services will be restarted automatically.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-08-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
| https://bugs.launchpad.net/swift/+bug/119... | X_refsource_confirm | |
| https://review.openstack.org/#/c/40643 | X_refsource_misc | |
| https://review.openstack.org/#/c/40645 | X_refsource_misc | |
| https://review.openstack.org/#/c/40646 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1197.html | 2013-10-31 | |
| http://www.debian.org/security/2012/dsa-2737 | 2013-10-31 | |
| http://www.ubuntu.com/usn/USN-2001-1 | 2013-10-31 | |
| https://access.redhat.com/security/cve/CVE-2013-4155 | 2013-09-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=991626 | 2013-09-03 |