Lucene search

[email protected]NVD:CVE-2015-5303

HistoryApr 11, 2016 - 9:59 p.m.

CVE-2015-5303

2016-04-1121:59:03

CWE-254

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

55.6%

JSON

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Affected configurations

Nvd

Node

openstacktripleo_heat_templates

VendorProductVersionCPE
openstacktripleo_heat_templates*cpe:2.3:a:openstack:tripleo_heat_templates:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	tripleo_heat_templates	*	cpe:2.3:a:openstack:tripleo_heat_templates::::::::

References

access.redhat.com/errata/RHSA-2015:2650

bugs.launchpad.net/tripleo/+bug/1516027

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

55.6%

JSON

Related for NVD:CVE-2015-5303

ubuntucve1 cvelist1 prion1 github1 osv1 veracode1 cve1 redhat1