CVE-2016-0737
openstack-swift: Client to proxy DoS through Large Objects
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
OpenStack Object Storage (Swift) en versiones anteriores a 2.4.0 no cierra correctamente las conexionen del cliente, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos del servidor proxy) a través de una serie de peticiones interrumpidas a una URL Large Object.
A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-16 CVE Reserved
- 2016-01-29 CVE Published
- 2023-05-01 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/81432 | Vdb Entry | |
| https://review.openstack.org/#/c/217750 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.openstack.org/ossa/OSSA-2016-004.html | 2023-02-12 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-0128.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2016-0155.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2016-0329.html | 2023-02-12 | |
| https://bugs.launchpad.net/swift/+bug/1466549 | 2023-02-12 | |
| https://launchpad.net/swift/+milestone/2.4.0 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2016-0737 | 2016-03-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1298924 | 2016-03-01 |