CVE-2014-7960

CWE-399 CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

4.0MEDIUM

EPSS

0.3%

top 46.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Swift

Timeline

PublishedOct 17

Latest updateMay 17

Description

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶NVDopenstack/swift2.1.0

▶PyPIswift< 2.2.0

▶Debianswift< 2.2.0-1+3

▶Ubuntuswift< 1.13.1-0ubuntu1.2

🔴Vulnerability Details

OSV

OpenStack Swift metadata constraints are not correctly enforced↗2022-05-17

▶

GHSA

OpenStack Swift metadata constraints are not correctly enforced↗2022-05-17

▶

OSV

swift vulnerabilities↗2015-08-06

▶

OSV

CVE-2014-7960: OpenStack Object Storage (Swift) before 2↗2014-10-17

▶

CVEList

CVE-2014-7960: OpenStack Object Storage (Swift) before 2↗2014-10-17

▶

📋Vendor Advisories

Ubuntu

Swift vulnerabilities↗2015-08-06

▶

Red Hat

openstack-swift: Swift metadata constraints are not correctly enforced↗2014-09-04

▶

Debian

CVE-2014-7960: swift - OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users ...↗2014

▶

💬Community

Bugzilla

CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced↗2014-10-08

▶

Bugzilla

CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced [fedora-all]↗2014-10-08

▶