CVE-2013-2014

Openstack Keystone < 2013.1 - Improper Input Validation

Title source: rule

Description

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

References (6)

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

[Third Party Advisory] http://secunia.com/advisories/53397

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/59936

[Issue Tracking, Third Party Advisory] https://bugs.launchpad.net/keystone/+bug/1098177

[Issue Tracking, Third Party Advisory] https://bugs.launchpad.net/keystone/+bug/1099025

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

Scores

EPSS 0.0237

EPSS Percentile 84.7%

Classification

CWE

CWE-20

Status draft

Affected Products (3)

openstack/keystone < 2013.1

fedoraproject/fedora

pypi/keystone < 8.0.0a0PyPI

Timeline

Published Jun 02, 2014

Tracked Since Feb 18, 2026