CVE-2016-0737

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2016-0128.html
http://rhn.redhat.com/errata/RHSA-2016-0155.html
http://rhn.redhat.com/errata/RHSA-2016-0329.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/81432
https://bugs.launchpad.net/swift/+bug/1466549	Vendor Advisory
https://launchpad.net/swift/+milestone/2.4.0	Vendor Advisory
https://review.openstack.org/#/c/217750/
https://security.openstack.org/ossa/OSSA-2016-004.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*

History

12 Feb 2023, 23:15

Type	Values Removed	Values Added
Summary	A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.	OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0127', 'name': 'https://access.redhat.com/errata/RHSA-2016:0127', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0128', 'name': 'https://access.redhat.com/errata/RHSA-2016:0128', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2016-0737', 'name': 'https://access.redhat.com/security/cve/CVE-2016-0737', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0328', 'name': 'https://access.redhat.com/errata/RHSA-2016:0328', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0126', 'name': 'https://access.redhat.com/errata/RHSA-2016:0126', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1298924', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1298924', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0155', 'name': 'https://access.redhat.com/errata/RHSA-2016:0155', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:0329', 'name': 'https://access.redhat.com/errata/RHSA-2016:0329', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 16:17

Type	Values Removed	Values Added
Summary	OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.	A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
References		(MISC) https://access.redhat.com/errata/RHSA-2016:0127 - (MISC) https://access.redhat.com/errata/RHSA-2016:0128 - (MISC) https://access.redhat.com/security/cve/CVE-2016-0737 - (MISC) https://access.redhat.com/errata/RHSA-2016:0328 - (MISC) https://access.redhat.com/errata/RHSA-2016:0126 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1298924 - (MISC) https://access.redhat.com/errata/RHSA-2016:0155 - (MISC) https://access.redhat.com/errata/RHSA-2016:0329 -

Information

Published : 2016-01-29 20:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-0737

Mitre link : CVE-2016-0737

CVE.ORG link : CVE-2016-0737

JSON object : View

Products Affected

openstack

swift

CWE

CWE-399

Resource Management Errors

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-0737

7.5^/10

5.0^/10

Attach tags to `CVE-2016-0737`