Improper input validation in Openstack Neutron

CVE-2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is reject…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.143 (94.5th percentile) — read the EPSS interpretation.

Affected products

Openstack Neutron
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

75368 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
[openstack-announce] 20150623 [OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221) (Vendor Advisory, mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
RHSA-2015:1680 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)