CVE-2013-0247

CWE-3998 documents8 sources

Severity

5.0MEDIUM

EPSS

3.0%

top 13.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Keystone Canonical Ubuntu Linux

Timeline

PublishedFeb 24

Latest updateMay 5

Description

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopenstack/keystone2012.1 — 2012.1.3+2

▶Debiankeystone< 2012.1.1-12+3

Also affects: Ubuntu Linux 12.04, 12.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fqpq-8vh2-cxwp: OpenStack Keystone Essex 2012↗2022-05-05

▶

CVEList

CVE-2013-0247: OpenStack Keystone Essex 2012↗2013-02-24

▶

OSV

CVE-2013-0247: OpenStack Keystone Essex 2012↗2013-02-24

▶

📋Vendor Advisories

Ubuntu

OpenStack Keystone vulnerability↗2013-02-05

▶

Red Hat

Keystone: denial of service through invalid token requests↗2013-02-05

▶

Debian

CVE-2013-0247: keystone - OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and ...↗2013

▶

💬Community

Bugzilla

CVE-2013-0247 OpenStack Keystone: denial of service through invalid token requests↗2013-01-31

▶