Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-0737

Опубликовано: 20 янв. 2016
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 8 (Liberty)openstack-swiftNot affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6openstack-swiftFixedRHSA-2016:012608.02.2016
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7openstack-swiftFixedRHSA-2016:012708.02.2016
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7openstack-swiftFixedRHSA-2016:012808.02.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7openstack-swiftFixedRHSA-2016:015509.02.2016
Red Hat Gluster Storage 3.1 for RHEL 6openstack-swiftFixedRHSA-2016:032901.03.2016
Red Hat Gluster Storage 3.1 for RHEL 7openstack-swiftFixedRHSA-2016:032801.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1298924openstack-swift: Client to proxy DoS through Large Objects

EPSS

Процентиль: 90%
0.05828
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-0737

CVSS3: 7.5
ubuntu
около 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

nvd логотип

CVE-2016-0737

CVSS3: 7.5
nvd
около 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

debian логотип

CVE-2016-0737

CVSS3: 7.5
debian
около 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...

github логотип

GHSA-972c-cfv8-2hq8

CVSS3: 7.5
github
больше 3 лет назад

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service

EPSS

Процентиль: 90%
0.05828
Низкий

6.8 Medium

CVSS2