OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
References
Link | Resource |
---|---|
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html | Patch Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0843.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0844.html | Third Party Advisory |
http://www.securityfocus.com/bid/70777 | Third Party Advisory VDB Entry |
https://bugs.launchpad.net/nova/+bug/1358583 | Exploit Third Party Advisory |
Configurations
History
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | |
References |
|
02 Feb 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time. |
Information
Published : 2014-10-31 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3708
Mitre link : CVE-2014-3708
CVE.ORG link : CVE-2014-3708
JSON object : View
Products Affected
openstack
- nova
redhat
- openstack
CWE
CWE-399
Resource Management Errors