CVE-2013-1664

Currently unrated

Key Information:

Vendor: Openstack
Status: Cinder Folsom; Keystone Essex; Grizzly; Folsom
Vendor: CVE Published:; 3 April 2013

Summary

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

References

http://www.openwall.com/lists/oss-security/2013/02/19/4

mailing-listx_refsource_MLIST

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2013-0658.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 3, 2013
Vulnerability Reserved
Feb 13, 2013