CVE-2013-0270
MEDIUMOpenStack Keystone < 2012.1.3 and < 8.0.0a0 - Denial of Service via Long Tenant Name
Title source: llmDescription
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
References (7)
Core 7
Core References
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0708.html
Third Party Advisory
https://bugs.launchpad.net/keystone/+bug/1099025
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=909012
Third Party Advisory
https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
Third Party Advisory
https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
Patch, Third Party Advisory
https://launchpad.net/keystone/grizzly/2013.1
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2013-0270
Scores
CVSS v3
6.5
EPSS
0.0301
EPSS Percentile
85.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-1284
Status
published
Products (7)
openstack/keystone
2013.1 milestone1 (3 CPE variants)
openstack/keystone
2012.1 - 2012.1.3
pypi/keystone
0 - 8.0.0a0PyPI
Red Hat/Red Hat OpenStack Platform 13 (Queens)
Red Hat/Red Hat OpenStack Platform 16.2
Red Hat/Red Hat OpenStack Platform 17.1
Red Hat/Red Hat OpenStack Platform 18.0
Published
Apr 12, 2013
Tracked Since
Feb 18, 2026