ossa/ossa/OSSA-2013-023.yaml

date: 2013-08-08

id: OSSA-2013-023

title: 'Denial of Service using XML entities in Nova/Cinder extensions'

description: 'Grant Murphy from Red Hat reported that vulnerabilities in XML request
  parsers were not fully patched in OSSA 2013-004. By leveraging XML entity expansion
  in specific extensions, an unauthenticated attacker may still consume excessive
  resources on the Nova (CVE-2013-4179) or Cinder (CVE-2013-4202) API servers, resulting
  in a denial of service and potentially a crash. Only Nova setups making use of the
  security group extension in Grizzly are affected. Only Cinder setups making use
  of the backups or volume transfer API extension in Grizzly are affected.'

reference: http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html

affected-products:

  - product: nova
    version: Grizzly and later

  - product: cinder
    version: Grizzly and later

vulnerabilities:

  - cve-id: CVE-2013-4179
    impact-assessment:
      source: 'Red Hat Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 5.5
        detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
    classification:
      source: 'Red Hat Product Security'
      type: CWE
      detail: TODO

  - cve-id: CVE-2013-4202
    impact-assessment:
      source: 'Red Hat Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 5.0
        detail: AV:N/AC:L/Au:N/C:N/I:N/A:P
    classification:
      source: 'Red Hat Product Security'
      type: CWE
      detail: TODO

reporters:

  - name: 'Grant Murphy'
    affiliation: 'Red Hat'
    reported:
      - CVE-2013-4179
      - CVE-2013-4202

issues:

  links:
    - https://launchpad.net/bugs/1190229

  type: launchpad

reviews:

  havana:
    - https://review.openstack.org/#/c/40879
    - https://review.openstack.org/#/c/40881

  grizzly:
    - https://review.openstack.org/#/c/40880
    - https://review.openstack.org/#/c/40883

  type: gerrit