Vulnerability in Openstack Neutron
CVE-2014-3555
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.
Affected products
- Openstack Neutron — versions 2013.2.4, 2014.1, 2014.1.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 60804 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2014:1120 (x_refsource_REDHAT, vendor-advisory)
- 68765 (vdb-entry, x_refsource_BID)
- 60766 (x_refsource_SECUNIA, third-party-advisory)
- [oss-security] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) (mailing-list, x_refsource_MLIST)
- RHSA-2014:1119 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_MISC)
- [openstack-announce] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) (Vendor Advisory, mailing-list, x_refsource_MLIST)