ID CVE-2013-0247
Summary OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.
Per http://www.ubuntu.com/usn/USN-1715-1/: a security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS.
Vulnerable Configurations
  • cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-11-2018 - 17:56)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2013:0253
rpms
  • openstack-keystone-0:2012.2.1-3.el6ost
  • openstack-keystone-doc-0:2012.2.1-3.el6ost
  • python-keystone-0:2012.2.1-3.el6ost
refmap via4
bid 57747
confirm https://bugs.launchpad.net/keystone/+bug/1098307
fedora FEDORA-2013-2168
misc https://bugzilla.redhat.com/show_bug.cgi?id=906171
ubuntu USN-1715-1
Last major update 15-11-2018 - 17:56
Published 24-02-2013 - 19:55
Last modified 15-11-2018 - 17:56