Denial of Service Flaw in OpenStack Compute by OpenStack
CVE-2013-4179
Currently unrated
Summary
A vulnerability exists in OpenStack Compute (Nova) Grizzly 2013.1.3, and earlier, leading to potential denial of service. This flaw enables remote attackers to exploit an XML Entity Expansion (XEE) attack, causing excessive resource consumption and possible system crashes. This issue arises from an incomplete fix for a prior vulnerability, highlighting the importance of timely updates and rigorous testing within the OpenStack framework.
References
Timeline
Vulnerability published
Vulnerability Reserved