CVE-2014-3708

Openstack Nova < 2014.1.4 - Resource Management Error

Title source: rule

Description

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

References (5)

[Patch, Vendor Advisory] http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-0843.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-0844.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70777

[Exploit, Third Party Advisory] https://bugs.launchpad.net/nova/+bug/1358583

Scores

EPSS 0.0106

EPSS Percentile 77.3%

Classification

CWE

CWE-399

Status draft

Affected Products (3)

openstack/nova < 2014.1.4

redhat/openstack

pypi/nova < 2014.1.4PyPI

Timeline

Published Oct 31, 2014

Tracked Since Feb 18, 2026