CVE-2013-4261

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 29 October 2013

Summary

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

References

http://seclists.org/oss-sec/2013/q3/595

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2013-1199.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=999271

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 29, 2013
Vulnerability Reserved
Jun 12, 2013