Denial of Service Flaw in OpenStack Compute by OpenStack
CVE-2013-4179

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana
Vendor: CVE Published:; 16 September 2013

Summary

A vulnerability exists in OpenStack Compute (Nova) Grizzly 2013.1.3, and earlier, leading to potential denial of service. This flaw enables remote attackers to exploit an XML Entity Expansion (XEE) attack, causing excessive resource consumption and possible system crashes. This issue arises from an incomplete fix for a prior vulnerability, highlighting the importance of timely updates and rigorous testing within the OpenStack framework.

References

http://rhn.redhat.com/errata/RHSA-2013-1199.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/ossa/+bug/1190229

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2005-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Sep 16, 2013
Vulnerability Reserved
Jun 12, 2013