By sending a single request with the same authentication method multiple times, a remote attacker could generate unwanted load on the Keystone host, potentially resulting in a denial of service against the Keystone service. Only Keystone setups with the V3 API enabled are affected.
CVE ID: CVE-2014-2828
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92404> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Description:
OpenStack Keystone is vulnerable to a denial of service, which is caused by an error in the V3 API authentication. By sending a specially crafted request with the same authentication method, a remote attacker might exploit this vulnerability to consume all available resources.
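An added example, not part of the advisory and not Keystone's own code: one way for a front-end filter or log reviewer to collapse repeated method names in a V3 token request (`POST /v3/auth/tokens`) so each method is processed once, and to report the repeats. The function name and sample body are constructed for illustration; the `auth.identity.methods` layout is the V3 API request format.

```python
import json
from collections import Counter


def inspect_auth_methods(raw_body):
    """Return (unique_methods, repeated) for a Keystone V3 token request body.

    unique_methods keeps first-seen order so each method is handled once.
    repeated maps every duplicated method name to how often it appeared,
    which is the signal worth logging or alerting on.
    Raises ValueError on malformed input so the caller can answer 400.
    """
    try:
        doc = json.loads(raw_body)
        methods = doc["auth"]["identity"]["methods"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not a V3 auth request") from exc
    if not isinstance(methods, list) or not all(
        isinstance(m, str) for m in methods
    ):
        raise ValueError("identity.methods must be a list of strings")
    counts = Counter(methods)
    unique = list(dict.fromkeys(methods))  # order-preserving de-duplication
    repeated = {name: n for name, n in counts.items() if n > 1}
    return unique, repeated


# Constructed sample body (not captured traffic): "password" listed three times.
SAMPLE_BODY = json.dumps({"auth": {"identity": {
    "methods": ["password", "password", "password", "token"],
    "password": {"user": {"id": "example-user", "password": "example"}},
    "token": {"id": "example-token"},
}}})

if __name__ == "__main__":
    unique, repeated = inspect_auth_methods(SAMPLE_BODY)
    print("methods to process:", unique)
    if repeated:
        print("repeated methods (reject or log):", repeated)
```
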
SmartCloud Orchestrator 2.3 and 2.3 Fix Pack 1
The recommended solution is to apply the fix as soon as practical. Upgrade to IBM SmartCloud Orchestrator 2.3 Fix Pack 1 Interim Fix 4.
None
CPE:
Name | Operator | Version |
---|---|---|
ibm smartcloud orchestrator | eq | 2.3 |