CVE-2013-4261
OpenStack: openstack-nova-compute console-log DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
En OpenStack Compute (Nova) Folsom, Grizzly, y anteriores, cuando se utiliza Apache Qpid para el backend RPC, no maneja adecuadamente los errores que se producen durante la mensajería, que permite a atacantes remotos provocar una denegación de servicio (conexión consumo piscina), como lo demuestra el uso de múltiples solicitudes que envían cadenas largas a una consola de instancia y recuperar el registro de la consola.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-09-04 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/nova/+bug/1215091 | 2024-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=999164 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/oss-sec/2013/q3/595 | 2013-10-30 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1199.html | 2013-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=999271 | 2013-09-03 | |
| https://access.redhat.com/security/cve/CVE-2013-4261 | 2013-09-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Folsom Search vendor "Openstack" for product "Folsom" | * | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Grizzly Search vendor "Openstack" for product "Grizzly" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 3.0 Search vendor "Redhat" for product "Openstack" and version "3.0" | - |
Affected
| ||||||