CVE-2013-0270
Keystone: openstack keystone: denial of service via large http request with long tenant name
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Red Hat · Red Hat OpenStack Platform 13 (Queens)Red Hat · Red Hat OpenStack Platform 16.2Red Hat · Red Hat OpenStack Platform 17.1Red Hat · Red Hat OpenStack Platform 18.0Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://rhn.redhat.com/errata/RHSA-2013-0708.htmlhttps://access.redhat.com/security/cve/CVE-2013-0270https://bugs.launchpad.net/keystone/+bug/1099025https://bugzilla.redhat.com/show_bug.cgi?id=909012https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdchttps://launchpad.net/keystone/grizzly/2013.1