Denial of Service Vulnerability in OpenStack Compute by Apache Qpid
CVE-2013-4261

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 29 October 2013

Summary

OpenStack Compute (Nova) instances that utilize Apache Qpid for the RPC messaging backend exhibit a vulnerability where improper error handling can lead to a denial of service. This can be exploited by remote attackers who send multiple requests with excessively long strings to the instance console, ultimately depleting the connection pool and rendering the service unavailable. It is essential for administrators to recognize and mitigate this vulnerability in vulnerable versions to safeguard their deployments against potential abuse.

References

http://seclists.org/oss-sec/2013/q3/595

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2013-1199.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=999271

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 29, 2013
Vulnerability Reserved
Jun 12, 2013