CVE-2013-4202

CWE-399 | 11 documents | 8 sources
Severity
4.3 MEDIUM
EPSS
0.8%
top 25.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 16
Latest update: May 14

Description

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

Source   Package            Affected versions
NVD      openstack/cinder   2013.1 to 2013.1.3
PyPI     cinder             < 7.0.0a0
Debian   cinder             < 2013.1.2-4+3

Also affects: Ubuntu Linux 13.04

Patches

Vulnerability Details (4)

OSV: OpenStack Cinder Denial of Service using XML entities (2022-05-14)
GHSA: OpenStack Cinder Denial of Service using XML entities (2022-05-14)
OSV: CVE-2013-4202: The (1) backup (api/contrib/backups (2013-09-16)
CVEList: CVE-2013-4202: The (1) backup (api/contrib/backups (2013-09-16)

Vendor Advisories (3)

Ubuntu: Cinder vulnerabilities (2013-10-23)
Red Hat: OpenStack: Cinder Denial of Service using XML entities (2013-08-08)
Debian: CVE-2013-4202: cinder - The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_... (2013)

Community (3)

Bugzilla: CVE-2013-4202 openstack-cinder: OpenStack: Cinder Denial of Service using XML entities [fedora-all] (2013-08-08)
Bugzilla: CVE-2013-4202 openstack-cinder: OpenStack: Cinder Denial of Service using XML entities [epel-6] (2013-08-08)
Bugzilla: CVE-2013-4202 OpenStack: Cinder Denial of Service using XML entities (2013-08-03)