Description
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
- Vendor Advisory
- Vendor Advisory
- Patch
- Exploit, Patch
- Exploit, Patch
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
EPSS
Percentile: 78%
0.01178
Low
4.3 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
ubuntu
more than 13 years ago
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
debian
more than 13 years ago
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2 ...