Описание
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2013.2~rc3-0ubuntu1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | not-affected | |
| raring | released | 1:2013.1.3-0ubuntu2.1 |
| saucy | not-affected | 1:2013.2~rc3-0ubuntu1 |
| upstream | released | 1:2013.2~rc3 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contr ...
EPSS
4.3 Medium
CVSS2