date: 2013-08-07

id: OSSA-2013-022

title: 'Swift Denial of Service using superfluous object tombstones'

description: 'Peter Portante from Red Hat reported a vulnerability in Swift. Byissuing
  requests with an old X-Timestamp value, an authenticatedattacker can fill an object
  server with superfluous object tombstones,which may significantly slow down subsequent
  requests to that objectserver, facilitating a Denial of Service attack against Swift
  clusters.'

reference: http://lists.openstack.org/pipermail/openstack-announce/2013-August/000131.html

affected-products:

  - product: swift
    version: All versions

vulnerabilities:

  - cve-id: CVE-2013-4155
    impact-assessment:
      source: 'Red Hat Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 4.0
        detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
    classification:
      source: 'Red Hat Product Security'
      type: CWE
      detail: TODO

reporters:

  - name: 'Peter Portante'
    affiliation: 'Red Hat'
    reported:
      - CVE-2013-4155

issues:

  links:
    - https://launchpad.net/bugs/1196932

  type: launchpad

reviews:

  havana:
    - https://review.openstack.org/#/c/40643

  grizzly:
    - https://review.openstack.org/#/c/40645

  folsom:
    - https://review.openstack.org/#/c/40646

  type: gerrit