Vulnerability in Openstack Compute

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.006 (69.4th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute
Redhat Openstack — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Third Party Advisory)
RHSA-2013:1199 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
[oss-secuirty] 20130806 [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) (mailing-list, x_refsource_MLIST, Patch, Third Party Advisory)