CVE-2013-1664

OpenStack Keystone Essex/Folsom/Grizzly, Nova Essex/Folsom, Cinder Folsom DoS via XML Entity Expansion

Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

References (10)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0658.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0657.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0670.html
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1757-1
Exploit x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1100282
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/19/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/19/2
Various Sources x_refsource_confirm
http://bugs.python.org/issue17239

Scores

EPSS 0.0394
EPSS Percentile 88.5%

Details

CWE
CWE-119
Status published
Products (7)
openstack/cinder_folsom
openstack/compute_(nova)_essex
openstack/compute_(nova)_folsom
openstack/folsom
openstack/grizzly
openstack/keystone_essex
pypi/Django 1.3.0 - 1.3.6 (PyPI)
Published Apr 03, 2013
Tracked Since Feb 18, 2026