Denial of Service Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-8124

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 12 December 2014

Summary

The OpenStack Dashboard (Horizon) prior to versions 2014.1.3 and 2014.2.1 contains a vulnerability that improperly handles session records when configured with a database or memcached session engine. This flaw allows remote attackers to exploit the system by sending an excessive number of requests to the login page, potentially leading to service interruptions and denial of authentication access for legitimate users.

References

https://bugs.launchpad.net/horizon/+bug/1394370

x_refsource_CONFIRM

http://secunia.com/advisories/61186

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2015-0845.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Dec 12, 2014
Vulnerability Reserved
Oct 10, 2014