CVE-2013-2014
Published: 2 June 2014
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
Notes
Author | Note |
---|---|
jdstrand | Upstream is not backporting the sizelimit middleware to Folsom or Essex because it is too intrusive. Requires keystone to be directly exposed to incoming POST messages and not protected by a proxy. See https://bugs.launchpad.net/ossn/+bug/1155566/comments/14 for mitigation strategies. |