CVE-2013-4261
OpenStack Compute (Nova) Folsom and Grizzly - Denial of Service via Apache Qpid RPC Backend Error Handling
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
References (5)
Core References
Patch mailing-list (x_refsource_mlist): http://seclists.org/oss-sec/2013/q3/595
Vendor Advisory vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-1199.html
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=999271
Exploit (x_refsource_confirm): https://bugs.launchpad.net/nova/+bug/1215091
Exploit, Patch (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=999164
Scores
EPSS: 0.0060
EPSS Percentile: 69.6%
Details
CWE: CWE-119
Status: published
Products (3)
openstack/folsom: < -
openstack/grizzly: < -
redhat/openstack: 3.0
Published: Oct 29, 2013
Tracked Since: Feb 18, 2026