Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM52017453D21B3B51D3C0AA9B3DA20072CDCBBC65F38D21951A6357E55E747D03
HistoryAug 01, 2018 - 8:45 p.m.

Security Bulletin: Vulnerabilities in OpenStack affect IBM Spectrum Scale V4.2 and V4.1.1 (CVE-2015-8466 and CVE-2016-0738)

2018-08-0120:45:18
www.ibm.com
13

0.047 Low

EPSS

Percentile

92.7%

JSON

Summary

OpenStack vulnerabilities that could allow:
- with OpenStack Swift 3, a remote attacker to launch a replay attack affects IBM Spectrum Scale (CVE-2015-8466)
- with OpenStack Object storage(Swift), a remote authenticated attacker could exploit this vulnerability to consume all available proxy-server resources (CVE-2016-0738)

Vulnerability Details

CVEID: CVE-2015-8466 DESCRIPTION: OpenStack Swift3 could allow a remote attacker to launch a replay attack. An attacker could exploit this vulnerability using an Authorization request that lacks a Date header to conduct a replay attack and gain unauthorized access to the device.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109647 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-0738 DESCRIPTION: OpenStack Object storage (Swift) is vulnerable to a denial of service, caused by a memory leak on an unfinished read. A remote authenticated attacker could exploit this vulnerability to consume all available proxy-server resources.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Spectrum Scale V4.2.0.0 thru V4.2.0.2 and V4.1.1.0 thru 4.1.1.5 for Linux, Standard and Advanced Editions

Remediation/Fixes

For IBM Spectrum Scale V4.2.0.0 thru V4.2.0.2, apply IBM Spectrum Scale V4.2.0.3 available from Fix Central at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.0&platform=All&function=all

For IBM Spectrum Scale V4.1.1.0 thru 4.1.1.5 apply V4.1.1.6 at http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

Workarounds and Mitigations

None

Related

ubuntucve 2
nessus 7
cvelist 2
fedora 2
nvd 2
debian 1
openvas 4
debiancve 2
prion 2
cve 2
osv 1
github 1
veracode 1
redhat 6
ubuntu 1
ubuntucve
ubuntucve
CVE-2015-8466
2016-01-13 00:00:00
CVE-2016-0738
2016-01-29 00:00:00
nessus
nessus
Debian DSA-3583-1 : swift-plugin-s3 - security update
2016-05-19 00:00:00
RHEL 6 : openstack-swift-plugin-swift3 (Unpatched Vulnerability)
2024-06-03 00:00:00
Fedora 23 : openstack-swift-plugin-swift3-1.9-1.fc23 (2015-1ca595f821)
2016-03-04 00:00:00
cvelist
cvelist
CVE-2015-8466
2016-01-13 15:00:00
CVE-2016-0738
2016-01-29 20:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: openstack-swift-plugin-swift3-1.9-1.fc23
2015-12-25 00:30:37
[SECURITY] Fedora 23 Update: openstack-swift-2.3.0-3.fc23
2016-02-02 19:29:28
nvd
nvd
CVE-2015-8466
2016-01-13 15:59:00
CVE-2016-0738
2016-01-29 20:59:03
debian
debian
[SECURITY] [DSA 3583-1] swift-plugin-s3 security update
2016-05-18 21:19:18
openvas
openvas
Debian Security Advisory DSA 3583-1 (swift-plugin-s3 - security update)
2016-05-18 00:00:00
Debian: Security Advisory (DSA-3583-1)
2016-05-17 00:00:00
Fedora Update for openstack-swift FEDORA-2016-2256
2016-02-05 00:00:00
debiancve
debiancve
CVE-2015-8466
2016-01-13 15:59:00
CVE-2016-0738
2016-01-29 20:59:03
prion
prion
Authorization
2016-01-13 15:59:00
Design/Logic Flaw
2016-01-29 20:59:00
cve
cve
CVE-2015-8466
2016-01-13 15:59:00
CVE-2016-0738
2016-01-29 20:59:03
osv
osv
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
2022-05-17 03:29:51
github
github
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
2022-05-17 03:29:51
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:24:38
redhat
redhat
(RHSA-2016:0128) Moderate: openstack-swift security update
2016-02-08 04:24:53
(RHSA-2016:0155) Moderate: openstack-swift security update
2016-02-09 20:47:16
(RHSA-2016:0126) Moderate: openstack-swift security update
2016-02-08 04:24:24
ubuntu
ubuntu
OpenStack Swift vulnerabilities
2017-10-11 00:00:00

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for 52017453D21B3B51D3C0AA9B3DA20072CDCBBC65F38D21951A6357E55E747D03
ubuntucve2nessus7cvelist2fedora2nvd2debian1openvas4debiancve2prion2cve2osv1github1veracode1redhat6ubuntu1