CVE-2013-4179
published 2013-09-16CVE-2013-4179: The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2013.1.3-1 (bookworm) | nova 2013.1.3-1 (bookworm) |
| openstack | compute | — | — |
| openstack | havana | <= havana-2 | — |
| openstack | havana | — | — |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.2 | 2013.2 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
ghsa5.0MEDIUM
osv5.0MEDIUM