XML Entity Expansion Vulnerability in OpenStack Cinder by Rackspace
CVE-2013-4202

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 16 September 2013

Summary

The backup and volume transfer APIs of the OpenStack Cinder service are vulnerable to XML Entity Expansion (XEE) attacks by remote attackers. Versions 2013.1.3 and earlier are affected: an attack exhausts resources and crashes the service, causing a denial of service. The issue stems from an incomplete mitigation of prior vulnerabilities, which highlights the importance of applying security fixes consistently. Mitigation is needed to protect system resources and keep the service available.
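One way to close this class of bug in a Python XML API is to make the parser refuse any request body that declares a DTD or an entity, so nothing is ever expanded. The sketch below is an added example, not Cinder's own code; the class and function names and the sample request bodies are assumptions constructed for illustration.

```python
from xml.dom import minidom
from xml.sax import expatreader


class XMLRejected(ValueError):
    """Raised when a request body declares a DTD or an entity."""


class NoEntityExpatParser(expatreader.ExpatParser):
    """SAX expat reader that aborts on DOCTYPE and entity declarations."""

    def __init__(self, forbid_dtd=True):
        super().__init__()
        self.forbid_dtd = forbid_dtd

    def _reject_doctype(self, name, sysid, pubid, has_internal_subset):
        raise XMLRejected("inline DTD not allowed")

    def _reject_entity(self, *args):
        raise XMLRejected("entity declaration not allowed")

    def reset(self):
        # ExpatParser.reset() builds a fresh pyexpat parser, so the
        # rejecting handlers must be installed again every time it runs.
        super().reset()
        if self.forbid_dtd:
            self._parser.StartDoctypeDeclHandler = self._reject_doctype
        self._parser.EntityDeclHandler = self._reject_entity
        self._parser.UnparsedEntityDeclHandler = self._reject_entity
        self._parser.ExternalEntityRefHandler = self._reject_entity


def parse_request_body(text, forbid_dtd=True):
    """Parse an XML request body (str) into a DOM without expanding entities."""
    return minidom.parseString(text, parser=NoEntityExpatParser(forbid_dtd))


# Constructed sample bodies (hypothetical element names, not the Cinder schema).
BENIGN = '<transfer name="demo"/>'
WITH_ENTITY = '<!DOCTYPE transfer [<!ENTITY a "demo">]><transfer name="&a;"/>'


def check(text, forbid_dtd=True):
    """Return a short verdict string for one request body."""
    try:
        doc = parse_request_body(text, forbid_dtd)
        return "accepted:" + doc.documentElement.tagName
    except XMLRejected as exc:
        return "rejected:" + str(exc)


if __name__ == "__main__":
    for body in (BENIGN, WITH_ENTITY):
        print(check(body))
```

Because the summary attributes the bug to an incomplete earlier mitigation, the same parser should be used by every XML deserializer in the service rather than only the endpoints already known to be affected.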

Timeline

  • Vulnerability published

  • Vulnerability Reserved
