Описание
OpenStack Swift Discloses Secret URLs to Timing Attack
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-0006
- https://github.com/openstack/swift/commit/754633988931e4095530f6b13389c254096eb485
- https://bugs.launchpad.net/swift/+bug/1265665
- https://github.com/openstack/swift
- https://github.com/pypa/advisory-database/tree/main/vulns/swift/PYSEC-2014-116.yaml
- http://rhn.redhat.com/errata/RHSA-2014-0232.html
- http://www.openwall.com/lists/oss-security/2014/01/17/5
Пакеты
swift
>= 1.4.6, <= 1.8.0
Отсутствует
swift
>= 1.9.0, <= 1.10.0
Отсутствует
swift
= 1.11.0
1.12.0
Связанные уязвимости
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 throu ...