Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2014-3708

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 31 October 2014

Summary

The vulnerability in OpenStack Compute (Nova) allows remote authenticated users to exploit an API request related to IP filtering. This exploitation can lead to denial of service by consuming excessive CPU resources through a specific list active servers API call. The vulnerable versions include those before 2014.1.4 and 2014.2.x prior to 2014.2.1, potentially impacting server performance and availability for legitimate users.

References

http://www.securityfocus.com/bid/70777

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-0844.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2015-0843.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 31, 2014
Vulnerability Reserved
May 14, 2014