ossa/ossa/OSSA-2013-022.yaml

61 lines
1.3 KiB
YAML

date: 2013-08-07
id: OSSA-2013-022
title: 'Swift Denial of Service using superfluous object tombstones'
description: 'Peter Portante from Red Hat reported a vulnerability in Swift. Byissuing
requests with an old X-Timestamp value, an authenticatedattacker can fill an object
server with superfluous object tombstones,which may significantly slow down subsequent
requests to that objectserver, facilitating a Denial of Service attack against Swift
clusters.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2013-August/000131.html
affected-products:
- product: swift
version: All versions
vulnerabilities:
- cve-id: CVE-2013-4155
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.0
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: TODO
reporters:
- name: 'Peter Portante'
affiliation: 'Red Hat'
reported:
- CVE-2013-4155
issues:
links:
- https://launchpad.net/bugs/1196932
type: launchpad
reviews:
havana:
- https://review.openstack.org/#/c/40643
grizzly:
- https://review.openstack.org/#/c/40645
folsom:
- https://review.openstack.org/#/c/40646
type: gerrit