Lucene search
UbuntuUSN-1734-1HistoryFeb 21, 2013 - 12:00 a.m.
OpenStack Nova vulnerability
2013-02-2100:00:00
ubuntu.com
45
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
9.3
Confidence
High
EPSS
0.09
Percentile
94.6%
Releases
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 11.10
Packages
- nova - OpenStack Compute cloud infrastructure
Details
Joshua Harlow discovered that Nova would allow XML entity processing. A
remote unauthenticated attacker could exploit this using the Nova API to
cause a denial of service via resource exhaustion. (CVE-2013-1664)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.10 | noarch | python-nova | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-ajax-console-proxy | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-ec2 | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-metadata | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-os-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-os-volume | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-cert | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-common | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
References
Related
securityvulns
securityvulns
[USN-1734-1] OpenStack Nova vulnerability
2013-02-24 00:00:00
[USN-1731-1] OpenStack Cinder vulnerability
2013-02-24 00:00:00
[USN-1730-1] OpenStack Keystone vulnerabilities
2013-02-24 00:00:00
github
github
XML Entity Expansion (XEE) in Django
2022-05-17 05:09:40
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
2022-05-17 04:58:58
OpenStack Cinder Denial of Service using XML entities
2022-05-14 01:58:45
prion
prion
Code injection
2013-04-03 00:55:00
Design/Logic Flaw
2013-09-16 19:14:00
Security feature bypass
2013-09-16 19:14:00
nessus
nessus
Ubuntu 11.10 / 12.04 LTS / 12.10 : nova vulnerability (USN-1734-1)
2013-02-22 00:00:00
Ubuntu 12.10 : cinder vulnerability (USN-1731-1)
2013-02-21 00:00:00
Fedora 18 : openstack-keystone-2012.2.3-3.fc18 (2013-2916)
2013-03-05 00:00:00
cvelist
cvelist
debiancve
debiancve
ubuntucve
ubuntucve
openvas
openvas
Ubuntu Update for cinder USN-1731-1
2013-02-22 00:00:00
Ubuntu Update for nova USN-1734-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1731-1)
2013-02-22 00:00:00
ubuntu
ubuntu
OpenStack Cinder vulnerability
2013-02-21 00:00:00
OpenStack Keystone vulnerabilities
2013-02-20 00:00:00
Django vulnerabilities
2013-03-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:00:49
XML External Entity (XXE)
2019-05-02 04:44:12
Denial Of Service (DoS)
2019-05-02 04:48:39
cve
cve
nvd
nvd
osv
osv
redhat
redhat
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-3.fc18
2013-03-04 22:39:17
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
2013-04-08 22:52:02
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
freebsd
freebsd
django -- multiple vulnerabilities
2013-02-21 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2013-11-10 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
9.3
Confidence
High
EPSS
0.09
Percentile
94.6%
Related for USN-1734-1