Описание
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 4 | openstack-swift | Will not fix | ||
| Native Client for RHEL 5 for Red Hat Storage | glusterfs | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | openstack-swift | Fixed | RHSA-2015:0836 | 16.04.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | openstack-swift | Fixed | RHSA-2015:0835 | 16.04.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | augeas | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | check-mk | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | clufter | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | cluster | Fixed | RHSA-2015:1495 | 29.07.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | clustermon | Fixed | RHSA-2015:1495 | 29.07.2015 |
Показывать по
Дополнительная информация
Статус:
4 Medium
CVSS2
Связанные уязвимости
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
OpenStack Object Storage (Swift) before 2.2.0 allows remote authentica ...
OpenStack Swift metadata constraints are not correctly enforced
4 Medium
CVSS2