Lucene search

[email protected]NVD:CVE-2014-9623

HistoryJan 23, 2015 - 3:59 p.m.

CVE-2014-9623

2015-01-2315:59:06

CWE-399

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Affected configurations

NVD

Node

redhatopenstackMatch5.0

Node

openstackimage_registry_and_delivery_service_\(glance\)Range≤2014.1.3

openstackimage_registry_and_delivery_service_\(glance\)Match2014.2

openstackimage_registry_and_delivery_service_\(glance\)Match2014.2rc1

openstackimage_registry_and_delivery_service_\(glance\)Match2014.2rc2

openstackimage_registry_and_delivery_service_\(glance\)Match2014.2rc3

References

rhn.redhat.com/errata/RHSA-2015-0644.html

rhn.redhat.com/errata/RHSA-2015-0837.html

rhn.redhat.com/errata/RHSA-2015-0838.html

secunia.com/advisories/62165

www.openwall.com/lists/oss-security/2015/01/18/4

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

bugs.launchpad.net/glance/+bug/1383973

bugs.launchpad.net/glance/+bug/1398830

security.openstack.org/ossa/OSSA-2015-003.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for NVD:CVE-2014-9623

redhat3 cve2 veracode1 github2 cvelist2 ubuntucve2 debiancve2 prion2 osv1 nvd1