CVE-2013-4261

{"id": "CVE-2013-4261", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-29T22:55:02.613", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/oss-sec/2013/q3/595", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/nova/+bug/1215091", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999164", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log."}, {"lang": "es", "value": "En OpenStack Compute (Nova) Folsom, Grizzly, y anteriores, cuando se utiliza Apache Qpid para el backend RPC, no maneja adecuadamente los errores que se producen durante la mensajer\u00eda, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (conexi\u00f3n consumo piscina), como lo demuestra el uso de m\u00faltiples solicitudes que env\u00edan cadenas largas a una consola de instancia y recuperar el registro de la consola."}], "lastModified": "2013-10-30T13:53:17.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02BC5BB2-E1FE-4B41-9EA3-A93176C5629A", "versionEndIncluding": "-"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:grizzly:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C0445BF-8F33-4099-AB33-4B5539311FA8", "versionEndIncluding": "-"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}