Dan Prince

7 exploits Active since Jun 2012
CVE-2013-0212 WRITEUP WRITEUP
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2012-2101 WRITEUP WRITEUP
Openstack Nova 2011.3, 2012.1, Folsom - Authenticated Denial of Service via Security Group Rule Flood
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
CVE-2013-0212 WRITEUP WRITEUP
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2012-2101 WRITEUP WRITEUP
Openstack Nova 2011.3, 2012.1, Folsom - Authenticated Denial of Service via Security Group Rule Flood
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
CVE-2013-0212 WRITEUP WRITEUP
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2013-0270 WRITEUP MEDIUM WRITEUP
OpenStack Keystone < 2012.1.3 and < 8.0.0a0 - Denial of Service via Long Tenant Name
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CVSS 6.5
CVE-2013-0270 WRITEUP MEDIUM WRITEUP
OpenStack Keystone < 2012.1.3 and < 8.0.0a0 - Denial of Service via Long Tenant Name
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CVSS 6.5