Lucene search

[email protected]CVE-2012-3371

HistoryJul 17, 2012 - 9:55 p.m.

CVE-2012-3371

2012-07-1721:55:02

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-3371

nova scheduler

openstack compute

folsom

essex

denial of service

remote code execution

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

JSON

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

Affected configurations

NVD

Node

openstackcomputeMatch2012.2

openstackessexMatch2012.1

openstackfolsomMatch2012.2

CPENameOperatorVersion
openstack:computeopenstack computeeq2012.2
openstack:essexopenstack essexeq2012.1
openstack:folsomopenstack folsomeq2012.2

CPE	Name	Operator	Version
openstack:compute	openstack compute	eq	2012.2
openstack:essex	openstack essex	eq	2012.1
openstack:folsom	openstack folsom	eq	2012.2

References

www.openwall.com/lists/oss-security/2012/07/11/13

www.securityfocus.com/bid/54388

www.ubuntu.com/usn/USN-1501-1

bugs.launchpad.net/nova/+bug/1017795

github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d

lists.launchpad.net/openstack/msg14452.html

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2012-3371

nessus2 openvas8 ubuntu1 debiancve1 cvelist1 prion1 github1 nvd1 ubuntucve1 osv1 fedora3 securityvulns1