Denial of Service Vulnerability in Python XML Libraries Affecting OpenStack and Django
CVE-2013-1664

Currently unrated

Key Information:

Vendor: Openstack
Status: Cinder Folsom; Keystone Essex; Grizzly; Folsom
Vendor: CVE Published:; 3 April 2013

Summary

The vulnerability found in the XML libraries used across various Python versions allows remote attackers to exploit XML Entity Expansion (XEE) attacks. This can result in resource consumption that leads to a denial of service, impacting applications leveraging these libraries, including OpenStack components and Django. Affected systems may experience crashes, disrupting availability and performance.

References

http://www.openwall.com/lists/oss-security/2013/02/19/4

mailing-listx_refsource_MLIST

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2013-0658.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Apr 3, 2013
Vulnerability Reserved
Feb 13, 2013