Denial of Service Vulnerability in OpenStack Compute by Apache Qpid
CVE-2013-4261

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
29 October 2013

Summary

OpenStack Compute (Nova) instances that utilize Apache Qpid for the RPC messaging backend exhibit a vulnerability where improper error handling can lead to a denial of service. This can be exploited by remote attackers who send multiple requests with excessively long strings to the instance console, ultimately depleting the connection pool and rendering the service unavailable. It is essential for administrators to recognize and mitigate this vulnerability in vulnerable versions to safeguard their deployments against potential abuse.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.