CVE-2016-0738

7.5HIGH

Key Information

Vendor: Openstack
Status: Swift
Vendor: CVE Published:; 29 January 2016

Summary

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 29, 2016
Vulnerability Reserved.
Dec 16, 2015

Collectors

NVD DatabaseMitre Database