cpe:/a:openstack:compute:2011.3 CVE-2011-4596 2011-12-23T17:55:00.990-05:00 2011-12-26T00:00:00.000-05:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-12-26T15:07:00.000-05:00 MLIST [openstack] 20111213 [OSSA 2011-001] Path traversal issues registering malicious images using EC2 API (CVE-2011-4596) CONFIRM https://bugs.launchpad.net/nova/+bug/885167 CONFIRM https://bugs.launchpad.net/nova/+bug/894755 CONFIRM https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6 CONFIRM https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.