[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3371Date: (C)2012-07-17   (M)2023-12-22


The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-54388
USN-1501-1
https://lists.launchpad.net/openstack/msg14452.html
http://www.openwall.com/lists/oss-security/2012/07/11/13
https://bugs.launchpad.net/nova/+bug/1017795
https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d

CPE    3
cpe:/a:openstack:compute:2012.2
cpe:/a:openstack:folsom:2012.2
cpe:/a:openstack:essex:2012.1
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:104011
oval:org.secpod.oval:def:700932
oval:org.secpod.oval:def:104076
oval:org.secpod.oval:def:104640
...

© SecPod Technologies