CVE-2014-3708

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html	Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0843.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0844.html	Third Party Advisory
http://www.securityfocus.com/bid/70777	Third Party Advisory VDB Entry
https://bugs.launchpad.net/nova/+bug/1358583	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::

Configuration 2 (hide)

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

History

13 Feb 2023, 00:42

Type	Values Removed	Values Added
Summary	A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.	OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
References	~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1154951', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1154951', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2014-3708', 'name': 'https://access.redhat.com/security/cve/CVE-2014-3708', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0843', 'name': 'https://access.redhat.com/errata/RHSA-2015:0843', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0844', 'name': 'https://access.redhat.com/errata/RHSA-2015:0844', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 20:18

Type	Values Removed	Values Added
References		(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1154951 - (MISC) https://access.redhat.com/security/cve/CVE-2014-3708 - (MISC) https://access.redhat.com/errata/RHSA-2015:0843 - (MISC) https://access.redhat.com/errata/RHSA-2015:0844 -
Summary	OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.	A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.

Information

Published : 2014-10-31 14:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-3708

Mitre link : CVE-2014-3708

CVE.ORG link : CVE-2014-3708

JSON object : View

Products Affected

openstack

nova

redhat

openstack

CWE

CWE-399

Resource Management Errors

4.0 /10