CVE-2014-3517
Severity
4.3MEDIUM
EPSS
0.4%
top 39.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 7
Latest updateMay 14
Description
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
CVSS vector
AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2014-3517 openstack-nova: timing attack issue allows access to other instances' configuration information [fedora-19]↗2014-07-18
Bugzilla▶
CVE-2014-3517 openstack-nova: timing attack issue allows access to other instances' configuration information [fedora-20]↗2014-07-18
Bugzilla▶
CVE-2014-3517 openstack-nova: timing attack issue allows access to other instances' configuration information [epel-6]↗2014-07-18
Bugzilla▶
CVE-2014-3517 openstack-nova: timing attack issue allows access to other instances' configuration information↗2014-06-24