exploitDog

CVE-2016-0738

Published: 20 Jan 2016
Source: redhat
CVSS2: 6.8

Description

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenStack Platform 8 (Liberty) | openstack-swift | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | openstack-swift | Fixed | RHSA-2016:0126 | 08.02.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | openstack-swift | Fixed | RHSA-2016:0127 | 08.02.2016 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-swift | Fixed | RHSA-2016:0128 | 08.02.2016 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-swift | Fixed | RHSA-2016:0155 | 09.02.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | openstack-swift | Fixed | RHSA-2016:0329 | 01.03.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | openstack-swift | Fixed | RHSA-2016:0328 | 01.03.2016 |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1298905 openstack-swift: Proxy to server DoS through Large Objects

6.8 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 10 years ago

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS3: 7.5
nvd
about 10 years ago

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS3: 7.5
debian
about 10 years ago

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...

CVSS3: 7.5
github
more than 3 years ago

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
