6.5
CVE-2013-0270
- EPSS 3.07%
- Veröffentlicht 12.04.2013 22:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keystone: openstack keystone: denial of service via large http request with long tenant name
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.07% | 0.86 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
http://rhn.redhat.com/errata/RHSA-2013-0708.html
https://bugs.launchpad.net/keystone/+bug/1099025
https://bugzilla.redhat.com/show_bug.cgi?id=909012
https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
https://launchpad.net/keystone/grizzly/2013.1
https://access.redhat.com/security/cve/CVE-2013-0270