CVE-2014-9684 — Allocation of Resources Without Limits or Throttling in Project Glance
Severity
4.0MEDIUMNVD
EPSS
0.6%
top 31.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 24
Latest updateMay 17
Description
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9
Affected Packages2 packages
🔴Vulnerability Details
5📋Vendor Advisories
3Red Hat▶
openstack-glance: potential resource exhaustion and denial of service using images manipulation API↗2015-02-19
Red Hat▶
openstack-glance: potential resource exhaustion and denial of service using images manipulation API↗2015-02-19
Debian▶
CVE-2014-9684: glance - OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 d...↗2014
💬Community
1Bugzilla▶
CVE-2014-9684 CVE-2015-1881 openstack-glance: potential resource exhaustion and denial of service using images manipulation API↗2015-02-20