Severity: 5.0 MEDIUM
EPSS: 2.4% (top 15.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 2; Latest update May 13

Description

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

NVD: openstack/keystone 20132013.1
PyPI: keystone < 8.0.0a0
Debian: keystone < 2013.1.1-2+3

Also affects: Fedora 19

🔴 Vulnerability Details (5)

GHSA: OpenStack Identity (Keystone) Denial of Service (2022-05-13)
OSV: OpenStack Identity (Keystone) Denial of Service (2022-05-13)
OSV: eglibc, glibc vulnerabilities (2015-02-26)
CVEList: CVE-2013-2014: OpenStack Identity (Keystone) before 2013 (2014-06-02)
OSV: CVE-2013-2014: OpenStack Identity (Keystone) before 2013 (2014-06-02)

💥 Exploits & PoCs (4)

Exploit-DB: Elipse E3 - HTTP Denial of Service (2014-11-26)
Exploit-DB: ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) (2014-09-01)
Exploit-DB: VTLS Virtua InfoStation.cgi - SQL Injection (2014-08-26)
Exploit-DB: SpagoBI 4.0 - Persistent HTML Script Insertion (2014-03-03)

📋 Vendor Advisories (6)

Red Hat: openstack-heat: authenticated information leak in Heat (2014-04-23)
Red Hat: openstack-nova: RBAC policy not properly enforced in Nova EC2 API (2014-04-09)
Red Hat: polkit-qt: insecure calling of polkit (2014-03-24)
Red Hat: php: multiple vulnerabilities in gdImageCrop() (2014-02-06)
BSD: FreeBSD-SA-14:03.openssl: OpenSSL multiple vulnerabilities (2014-01-14)

💬 Community (11)

Bugzilla: CVE-2013-6235 jamonapi: multiple reflected XSS vulnerabilities (2014-01-24)
Bugzilla: CVE-2013-6478 pidgin: DoS when rendering long URLs (2014-01-23)
Bugzilla: CVE-2013-5904 Oracle JDK: unspecified vulnerability fixed in 7u51 (Deployment) (2014-01-15)
Bugzilla: CVE-2013-7284 perl-PlRPC: pre-auth remote code execution (2014-01-09)
Bugzilla: CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check (2013-11-22)
CVE-2013-2014 (MEDIUM CVSS 5) | OpenStack Identity (Keystone) befor | cvebase.io