ID CVE-2014-7960
Summary OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.2.0:gamma1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.3.0:gamma1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.8.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.8.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.13.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:1.13.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:swift:2.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2015:0835
  • rhsa
    id RHSA-2015:0836
  • rhsa
    id RHSA-2015:1495
rpms
  • openstack-swift-0:1.13.1-4.el7ost
  • openstack-swift-account-0:1.13.1-4.el7ost
  • openstack-swift-container-0:1.13.1-4.el7ost
  • openstack-swift-doc-0:1.13.1-4.el7ost
  • openstack-swift-object-0:1.13.1-4.el7ost
  • openstack-swift-proxy-0:1.13.1-4.el7ost
  • openstack-swift-0:1.13.1-4.el6ost
  • openstack-swift-account-0:1.13.1-4.el6ost
  • openstack-swift-container-0:1.13.1-4.el6ost
  • openstack-swift-doc-0:1.13.1-4.el6ost
  • openstack-swift-object-0:1.13.1-4.el6ost
  • openstack-swift-proxy-0:1.13.1-4.el6ost
  • augeas-0:1.0.0-10.el6
  • augeas-debuginfo-0:1.0.0-10.el6
  • augeas-devel-0:1.0.0-10.el6
  • augeas-libs-0:1.0.0-10.el6
  • ccs-0:0.16.2-81.el6
  • check-mk-0:1.2.6p1-3.el6rhs
  • check-mk-debuginfo-0:1.2.6p1-3.el6rhs
  • check-mk-livestatus-0:1.2.6p1-3.el6rhs
  • clufter-cli-0:0.11.2-1.el6
  • clufter-debuginfo-0:0.11.2-1.el6
  • clufter-lib-ccs-0:0.11.2-1.el6
  • clufter-lib-general-0:0.11.2-1.el6
  • clufter-lib-pcs-0:0.11.2-1.el6
  • cluster-cim-0:0.16.2-31.el6
  • cluster-debuginfo-0:3.0.12.1-73.el6
  • cluster-snmp-0:0.16.2-31.el6
  • clusterlib-0:3.0.12.1-73.el6
  • clusterlib-devel-0:3.0.12.1-73.el6
  • clustermon-debuginfo-0:0.16.2-31.el6
  • cman-0:3.0.12.1-73.el6
  • corosync-0:1.4.7-2.el6
  • corosync-debuginfo-0:1.4.7-2.el6
  • corosynclib-0:1.4.7-2.el6
  • corosynclib-devel-0:1.4.7-2.el6
  • ctdb2.5-0:2.5.5-7.el6rhs
  • ctdb2.5-debuginfo-0:2.5.5-7.el6rhs
  • fence-virt-0:0.2.3-19.el6
  • fence-virt-debuginfo-0:0.2.3-19.el6
  • fence-virtd-0:0.2.3-19.el6
  • fence-virtd-checkpoint-0:0.2.3-19.el6
  • fence-virtd-libvirt-0:0.2.3-19.el6
  • fence-virtd-multicast-0:0.2.3-19.el6
  • fence-virtd-serial-0:0.2.3-19.el6
  • gfs2-utils-0:3.0.12.1-73.el6
  • gluster-nagios-addons-0:0.2.4-4.el6rhs
  • gluster-nagios-addons-debuginfo-0:0.2.4-4.el6rhs
  • gluster-nagios-common-0:0.2.0-1.el6rhs
  • glusterfs-0:3.7.1-11.el5
  • glusterfs-0:3.7.1-11.el6
  • glusterfs-0:3.7.1-11.el6rhs
  • glusterfs-api-0:3.7.1-11.el5
  • glusterfs-api-0:3.7.1-11.el6
  • glusterfs-api-0:3.7.1-11.el6rhs
  • glusterfs-api-devel-0:3.7.1-11.el5
  • glusterfs-api-devel-0:3.7.1-11.el6
  • glusterfs-api-devel-0:3.7.1-11.el6rhs
  • glusterfs-cli-0:3.7.1-11.el5
  • glusterfs-cli-0:3.7.1-11.el6
  • glusterfs-cli-0:3.7.1-11.el6rhs
  • glusterfs-client-xlators-0:3.7.1-11.el5
  • glusterfs-client-xlators-0:3.7.1-11.el6
  • glusterfs-client-xlators-0:3.7.1-11.el6rhs
  • glusterfs-debuginfo-0:3.7.1-11.el5
  • glusterfs-debuginfo-0:3.7.1-11.el6
  • glusterfs-debuginfo-0:3.7.1-11.el6rhs
  • glusterfs-devel-0:3.7.1-11.el5
  • glusterfs-devel-0:3.7.1-11.el6
  • glusterfs-devel-0:3.7.1-11.el6rhs
  • glusterfs-fuse-0:3.7.1-11.el5
  • glusterfs-fuse-0:3.7.1-11.el6
  • glusterfs-fuse-0:3.7.1-11.el6rhs
  • glusterfs-ganesha-0:3.7.1-11.el6rhs
  • glusterfs-geo-replication-0:3.7.1-11.el6rhs
  • glusterfs-libs-0:3.7.1-11.el5
  • glusterfs-libs-0:3.7.1-11.el6
  • glusterfs-libs-0:3.7.1-11.el6rhs
  • glusterfs-rdma-0:3.7.1-11.el5
  • glusterfs-rdma-0:3.7.1-11.el6
  • glusterfs-rdma-0:3.7.1-11.el6rhs
  • glusterfs-server-0:3.7.1-11.el6rhs
  • gstatus-0:0.64-3.1.el6rhs
  • gstatus-debuginfo-0:0.64-3.1.el6rhs
  • libqb-0:0.17.1-1.el6
  • libqb-debuginfo-0:0.17.1-1.el6
  • libqb-devel-0:0.17.1-1.el6
  • libtalloc-0:2.1.1-4.el6rhs
  • libtalloc-debuginfo-0:2.1.1-4.el6rhs
  • libtalloc-devel-0:2.1.1-4.el6rhs
  • libvirt-debuginfo-0:0.10.2-54.el6
  • libvirt-lock-sanlock-0:0.10.2-54.el6
  • modcluster-0:0.16.2-31.el6
  • nagios-plugins-0:1.4.16-12.el6rhs
  • nagios-plugins-debuginfo-0:1.4.16-12.el6rhs
  • nagios-plugins-dummy-0:1.4.16-12.el6rhs
  • nagios-plugins-ide_smart-0:1.4.16-12.el6rhs
  • nagios-plugins-nrpe-0:2.15-4.1.el6rhs
  • nagios-plugins-ping-0:1.4.16-12.el6rhs
  • nagios-plugins-procs-0:1.4.16-12.el6rhs
  • nagios-server-addons-0:0.2.1-4.el6rhs
  • nfs-ganesha-0:2.2.0-5.el6rhs
  • nfs-ganesha-debuginfo-0:2.2.0-5.el6rhs
  • nfs-ganesha-gluster-0:2.2.0-5.el6rhs
  • nfs-ganesha-nullfs-0:2.2.0-5.el6rhs
  • nrpe-0:2.15-4.1.el6rhs
  • nrpe-debuginfo-0:2.15-4.1.el6rhs
  • openais-0:1.1.1-7.el6
  • openais-debuginfo-0:1.1.1-7.el6
  • openaislib-0:1.1.1-7.el6
  • openaislib-devel-0:1.1.1-7.el6
  • pacemaker-0:1.1.12-8.el6
  • pacemaker-cli-0:1.1.12-8.el6
  • pacemaker-cluster-libs-0:1.1.12-8.el6
  • pacemaker-cts-0:1.1.12-8.el6
  • pacemaker-debuginfo-0:1.1.12-8.el6
  • pacemaker-doc-0:1.1.12-8.el6
  • pacemaker-libs-0:1.1.12-8.el6
  • pacemaker-libs-devel-0:1.1.12-8.el6
  • pacemaker-remote-0:1.1.12-8.el6
  • pcs-0:0.9.139-9.el6
  • pcs-debuginfo-0:0.9.139-9.el6
  • pnp4nagios-0:0.6.22-2.1.el6rhs
  • pnp4nagios-debuginfo-0:0.6.22-2.1.el6rhs
  • pynag-0:0.9.1-1.el6rhs
  • pynag-examples-0:0.9.1-1.el6rhs
  • pytalloc-0:2.1.1-4.el6rhs
  • pytalloc-devel-0:2.1.1-4.el6rhs
  • python-blivet-1:1.0.0.2-1.el6rhs
  • python-clufter-0:0.11.2-1.el6
  • python-cpopen-0:1.3-4.el6_5
  • python-cpopen-debuginfo-0:1.3-4.el6_5
  • python-eventlet-0:0.14.0-1.el6
  • python-eventlet-doc-0:0.14.0-1.el6
  • python-gluster-0:3.7.1-11.el5
  • python-gluster-0:3.7.1-11.el6
  • python-gluster-0:3.7.1-11.el6rhs
  • python-greenlet-0:0.4.2-1.el6
  • python-greenlet-debuginfo-0:0.4.2-1.el6
  • python-greenlet-devel-0:0.4.2-1.el6
  • python-keystoneclient-1:0.9.0-5.el6ost
  • python-keystoneclient-doc-1:0.9.0-5.el6ost
  • python-prettytable-0:0.7.2-1.el6
  • python-pyudev-0:0.15-2.el6rhs
  • redhat-storage-logos-0:60.0.20-1.el6rhs
  • redhat-storage-server-0:3.1.0.3-1.el6rhs
  • resource-agents-0:3.9.5-24.el6
  • resource-agents-debuginfo-0:3.9.5-24.el6
  • resource-agents-sap-0:3.9.5-24.el6
  • ricci-0:0.16.2-81.el6
  • ricci-debuginfo-0:0.16.2-81.el6
  • userspace-rcu-0:0.7.9-2.el6rhs
  • userspace-rcu-debuginfo-0:0.7.9-2.el6rhs
  • userspace-rcu-devel-0:0.7.9-2.el6rhs
  • vdsm-0:4.16.20-1.2.el6rhs
  • vdsm-cli-0:4.16.20-1.2.el6rhs
  • vdsm-debug-plugin-0:4.16.20-1.2.el6rhs
  • vdsm-debuginfo-0:4.16.20-1.2.el6rhs
  • vdsm-gluster-0:4.16.20-1.2.el6rhs
  • vdsm-hook-ethtool-options-0:4.16.20-1.2.el6rhs
  • vdsm-hook-faqemu-0:4.16.20-1.2.el6rhs
  • vdsm-hook-openstacknet-0:4.16.20-1.2.el6rhs
  • vdsm-hook-qemucmdline-0:4.16.20-1.2.el6rhs
  • vdsm-jsonrpc-0:4.16.20-1.2.el6rhs
  • vdsm-python-0:4.16.20-1.2.el6rhs
  • vdsm-python-zombiereaper-0:4.16.20-1.2.el6rhs
  • vdsm-reg-0:4.16.20-1.2.el6rhs
  • vdsm-tests-0:4.16.20-1.2.el6rhs
  • vdsm-xmlrpc-0:4.16.20-1.2.el6rhs
  • vdsm-yajsonrpc-0:4.16.20-1.2.el6rhs
refmap via4
bid 70279
confirm
mlist
  • [oss-security] 20141007 CVE request for vulnerability in OpenStack Swift
  • [oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift
suse SUSE-SU-2015:1846
ubuntu USN-2704-1
xf openstack-swift-cve20147960-sec-bypass(96901)
Last major update 08-09-2017 - 01:29
Published 17-10-2014 - 15:55
Last modified 08-09-2017 - 01:29