Vulnerability Name: | CVE-2013-0247 (CCN-81919) | ||||||||||||||||
Assigned: | 2012-12-06 | ||||||||||||||||
Published: | 2013-02-07 | ||||||||||||||||
Updated: | 2018-11-15 | ||||||||||||||||
Summary: | OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. Per http://www.ubuntu.com/usn/USN-1715-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS | ||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||
Vulnerability Type: | CWE-399 | ||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2013-0247 Source: CCN Type: OpenStack Web site Welcome to Keystone, the OpenStack Identity Service! Source: FEDORA Type: Third Party Advisory FEDORA-2013-2168 Source: REDHAT Type: Third Party Advisory RHSA-2013:0253 Source: BID Type: Third Party Advisory, VDB Entry 57747 Source: CCN Type: BID-57747 OpenStack Keystone CVE-2013-0247 Denial of Service Vulnerability Source: UBUNTU Type: Third Party Advisory USN-1715-1 Source: CONFIRM Type: Third Party Advisory https://bugs.launchpad.net/keystone/+bug/1098307 Source: CCN Type: Red Hat Bugzilla Bug 906171 CVE-2013-0247 OpenStack Keystone: denial of service through invalid token requests Source: MISC Type: Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=906171 Source: XF Type: UNKNOWN keystone-token-dos(81919) | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |