CVE-2014-3708
openstack-nova: Nova network denial of service through API filtering
Descriptions
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large number of VMs could use this flaw to cause the main nova process to block for an extended period of time.
Timeline
- 2014-05-14 CVE Reserved
- 2014-10-31 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
References (7)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/70777 | Third Party Advisory | |
https://bugs.launchpad.net/nova/+bug/1358583 | | 2024-08-06 |
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html | | 2023-02-13 |
http://rhn.redhat.com/errata/RHSA-2015-0843.html | | 2023-02-13 |
http://rhn.redhat.com/errata/RHSA-2015-0844.html | | 2023-02-13 |
https://access.redhat.com/security/cve/CVE-2014-3708 | | 2015-04-16 |
https://bugzilla.redhat.com/show_bug.cgi?id=1154951 | | 2015-04-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openstack | Nova | >= 2014.1 < 2014.1.4 | - | Affected |
Openstack | Nova | >= 2014.2 < 2014.2.1 | - | Affected |
Redhat | Openstack | 5.0 | - | Affected |