Red Hat Storage is vulnerable to a denial of service attack. The attack is due to the flaw in the way Python’s SSL module implementation performed matching of certain certificate names, allowing the attacker to input a valid certificate containing multiple wildcard characters resulting in excessive consumption of CPU in validation stage.
bugs.python.org/issue17980
rhn.redhat.com/errata/RHSA-2014-1690.html
secunia.com/advisories/55107
secunia.com/advisories/55116
www.openwall.com/lists/oss-security/2013/05/16/6
www.ubuntu.com/usn/USN-1983-1
www.ubuntu.com/usn/USN-1984-1
www.ubuntu.com/usn/USN-1985-1
access.redhat.com/errata/RHBA-2016:1500
access.redhat.com/errata/RHSA-2014:1263
access.redhat.com/errata/RHSA-2014:1690
access.redhat.com/errata/RHSA-2015:0042
access.redhat.com/errata/RHSA-2016:1166
access.redhat.com/security/cve/CVE-2013-2099
access.redhat.com/security/updates/classification/#low
access.redhat.com/site/documentation/en-US/Red_Hat_Storage/2.1/html/Technical_Notes/index.html
access.redhat.com/solutions/1189413
access.redhat.com/solutions/1199193
bugzilla.redhat.com/show_bug.cgi?id=1062197
bugzilla.redhat.com/show_bug.cgi?id=1126354
bugzilla.redhat.com/show_bug.cgi?id=1135082
bugzilla.redhat.com/show_bug.cgi?id=963260
rhn.redhat.com/errata/RHSA-2014-1263.html