CVE-2013-0270
Published: 12 April 2013
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
Notes
Author | Note |
---|---|
jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon per upstream (and me), change is to intrusive for stable release update and the upstream patch was rejected for Folsom and earlier. This is more of a feature than a vulnerability. |
Priority
Status
Package | Release | Status |
---|---|---|
keystone Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
|
|
precise |
Ignored
|
|
quantal |
Ignored
|
|
upstream |
Pending
(2013.1~g3)
|
|
Patches: upstream: https://review.openstack.org/#/c/19567/ |