Vulnerability Name:

CVE-2014-7821 (CCN-98818)

Assigned:2014-11-19
Published:2014-11-19
Updated:2023-02-13
Summary:
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2014-7821

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2015-0044
Moderate: openstack-neutron security update

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Wed, 19 Nov 2014 23:12:07 +0100
[OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)

Source: CCN
Type: IBM Security Bulletin T1022169
IBM Cloud Manager with OpenStack Neutron Vulnerability (CVE-2014-7821)

Source: CCN
Type: IBM Security Bulletin N1020614
IBM PowerVC is Impacted by OpenStack Neutron DoS Through Invalid DNS Configuration (CVE-2014-7821)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-71278
OpenStack Neutron 'dns_nameservers' Parameter Denial of Service Vulnerability

Source: CCN
Type: OSSA 2014-039
Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
neutron-cve20147821-dos(98818)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7821

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:openstack:neutron:2014.1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:neutron:2014.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:neutron:2014.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:neutron:2014.2:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:neutron:2014.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:neutron:2014.1.2-3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openstack:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20147821
    V
    		CVE-2014-7821
    2022-05-22
    oval:org.opensuse.security:def:55239
    P
    		Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:5085
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:5072
    P
    		Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:55922
    P
    		Security update for libgcrypt (Important)
    2021-06-24
    oval:org.opensuse.security:def:5745
    P
    		Security update for jetty-minimal (Important)
    2021-06-17
    oval:org.opensuse.security:def:5063
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:5054
    P
    		Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:5723
    P
    		Security update for snakeyaml (Important)
    2021-06-07
    oval:org.opensuse.security:def:5021
    P
    		Security update for openldap2 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:11253
    P
    		openstack-neutron-2014.2.2.dev26-3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:4794
    P
    		Security update for nginx (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4887
    P
    		Security update for xen (Important)
    2020-12-02
    oval:org.opensuse.security:def:4921
    P
    		Security update for skopeo (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4772
    P
    		Security update for openssh (Important)
    2020-12-02
    oval:org.opensuse.security:def:4840
    P
    		Security update for squid (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4764
    P
    		Security update for ovmf (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4902
    P
    		Security update for virt-bootstrap (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4996
    P
    		Security update for php7 (Important)
    2020-12-02
    oval:org.opensuse.security:def:55756
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56207
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55077
    P
    		coreutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56407
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:56519
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:55650
    P
    		Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:56315
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:55099
    P
    		emacs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56481
    P
    		Security update for libwpd (Important)
    2020-12-01
    oval:org.opensuse.security:def:55477
    P
    		Security update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55076
    P
    		coolkey on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56600
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:com.ubuntu.trusty:def:20147821000
    V
    		CVE-2014-7821 on Ubuntu 14.04 LTS (trusty) - low.
    2014-11-24
    BACK
    openstack neutron 2014.1
    openstack neutron 2014.1.1
    openstack neutron 2014.1.3
    openstack neutron 2014.2
    openstack neutron 2014.1.2
    openstack neutron 2014.1.2-3
    redhat openstack 4.0
    ibm cloud manager 4.1.0