Denial of Service Flaw in OpenStack Compute by OpenStack
CVE-2013-4179

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
16 September 2013

Summary

A vulnerability exists in OpenStack Compute (Nova) Grizzly 2013.1.3, and earlier, leading to potential denial of service. This flaw enables remote attackers to exploit an XML Entity Expansion (XEE) attack, causing excessive resource consumption and possible system crashes. This issue arises from an incomplete fix for a prior vulnerability, highlighting the importance of timely updates and rigorous testing within the OpenStack framework.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.