CVE-2015-3221

OpenStack Neutron <2014.2.4 - DoS

Title source: llm

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/37360

View on exploitdb

References (4)

[Vendor Advisory] http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-1680.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75368

[Third Party Advisory] https://bugs.launchpad.net/neutron/+bug/1461054

Scores

EPSS 0.1260

EPSS Percentile 93.8%

Classification

CWE

CWE-20

Status draft

Affected Products (2)

openstack/neutron < 2014.2.4

pypi/neutron < 2014.2.4PyPI

Timeline

Published Aug 26, 2015

Tracked Since Feb 18, 2026