OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html | Third Party Advisory |
http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html | Patch Vendor Advisory |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0839.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2015-0845.html | Broken Link |
http://secunia.com/advisories/61186 | Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory |
https://bugs.launchpad.net/horizon/+bug/1394370 | Issue Tracking Third Party Advisory |
History
13 Feb 2023, 00:43
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. |
02 Feb 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | A denial of service flaw was found in the OpenStack Dashboard (horizon) when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service. |
09 Mar 2021, 15:06
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0839.html - Broken Link | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0845.html - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugs.launchpad.net/horizon/+bug/1394370 - Issue Tracking, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/61186 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory | |
CPE | cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:* |
CWE | CWE-400 | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : unknown |
Information
Published : 2014-12-12 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-8124
Mitre link : CVE-2014-8124
CVE.ORG link : CVE-2014-8124
Products Affected
fedoraproject
- fedora
opensuse
- opensuse
openstack
- horizon
oracle
- solaris
CWE
CWE-400
Uncontrolled Resource Consumption