XML Entity Expansion Vulnerability in OpenStack Cinder by Rackspace
CVE-2013-4202
Currently unrated
Summary
The OpenStack Cinder service contains vulnerabilities in its backup and volume transfer APIs that allow remote attackers to mount XML Entity Expansion (XEE) attacks. Versions 2013.1.3 and earlier are affected: the attack exhausts resources and crashes the service, resulting in denial of service. The issue stems from an incomplete mitigation of prior vulnerabilities, which highlights the importance of applying security fixes consistently. Mitigations are needed to protect system resources and keep the service available.
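One way a Python service can refuse entity-bearing request bodies before any expansion takes place, shown as an added example that is not Cinder's code or its actual fix; the function names and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a request body declares a DTD or entities."""


def parse_request_xml(body: bytes) -> list:
    """Parse an XML request body and return element names in document order.

    Any DOCTYPE or entity declaration aborts parsing immediately, so no
    entity is ever expanded, however deeply the declarations are nested.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declarations are not accepted")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration %r is not accepted" % name)

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(body, True)
    return names


def is_accepted(body: bytes) -> bool:
    """True only for well-formed XML that carries no DTD or entities."""
    try:
        parse_request_xml(body)
        return True
    except (ForbiddenXML, xml.parsers.expat.ExpatError):
        return False


# Constructed sample bodies; the element names are not Cinder's real schema.
BENIGN = b"<backup><name>demo</name></backup>"
# Constructed two-level nested entity declaration, kept deliberately tiny.
NESTED = (b'<?xml version="1.0"?>'
          b'<!DOCTYPE r [<!ENTITY a "xx"><!ENTITY b "&a;&a;">]>'
          b"<r>&b;</r>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("nested entities", NESTED)):
        print(label, "->", "accepted" if is_accepted(doc) else "rejected")
```

Every XML entry point of a service has to go through the same guarded parser; a single deserializer left on the default parser stays exposed.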