CVE-2013-4185

Severity

40%

Complexity

80%

Confidentiality

48%

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

First reported 11 years ago

2013-10-29 22:55:00

Last updated 6 years ago

2018-11-15 18:34:00

Affected Software

OpenStack Compute -

Red Hat Open Stack 3.0

3.0

References

RHSA-2013:1199

Vendor Advisory

[oss-secuirty] 20130806 [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185)

Patch, Third Party Advisory

https://bugs.launchpad.net/nova/+bug/1184041

Exploit, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.