Denial of Service Vulnerability in OpenStack Dashboard by OpenStack
CVE-2014-8124

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 12 December 2014

What is CVE-2014-8124?

The OpenStack Dashboard (Horizon) prior to versions 2014.1.3 and 2014.2.1 contains a vulnerability that improperly handles session records when configured with a database or memcached session engine. This flaw allows remote attackers to exploit the system by sending an excessive number of requests to the login page, potentially leading to service interruptions and denial of authentication access for legitimate users.

References

https://bugs.launchpad.net/horizon/+bug/1394370

x_refsource_CONFIRM

http://secunia.com/advisories/61186

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2015-0845.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2014
Vulnerability Reserved
Oct 10, 2014

Openstack

What is CVE-2014-8124?

References

Timeline