Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2737-1
HistoryAug 12, 2013 - 12:00 a.m.

swift - several

2013-08-1200:00:00
Google
osv.dev
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

69.2%

JSON

Several vulnerabilities have been discovered in Swift, the Openstack
object storage. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2013-2161
    Alex Gaynor from Rackspace reported a vulnerability in XML
    handling within Swift account servers. Account strings were
    unescaped in xml listings, and an attacker could potentially
    generate unparsable or arbitrary XML responses which may be
    used to leverage other vulnerabilities in the calling software.
  • CVE-2013-4155
    Peter Portante from Red Hat reported a vulnerability in Swift.
    By issuing requests with an old X-Timestamp value, an
    authenticated attacker can fill an object server with superfluous
    object tombstones, which may significantly slow down subsequent
    requests to that object server, facilitating a Denial of Service
    attack against Swift clusters.

For the stable distribution (wheezy), these problems have been fixed in
version 1.4.8-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.0-6.

We recommend that you upgrade your swift packages.

CPENameOperatorVersion
swifteq1.4.8-2

Related

nessus 3
openvas 8
redhat 2
github 2
ubuntucve 2
veracode 3
prion 2
cvelist 2
cve 2
debiancve 2
fedora 1
seebug 1
securityvulns 4
nessus
nessus
Debian DSA-2737-1 : swift - several vulnerabilities
2013-08-15 00:00:00
openSUSE Security Update : openstack-swift (openSUSE-SU-2013:1146-1)
2014-06-13 00:00:00
Fedora 19 : openstack-swift-1.8.0-3.fc19 (2013-14477)
2013-08-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 2737-1 (swift - several vulnerabilities)
2013-08-12 00:00:00
Debian: Security Advisory (DSA-2737-1)
2013-08-11 00:00:00
Ubuntu Update for swift USN-2001-1
2013-10-29 00:00:00
redhat
redhat
(RHSA-2013:0993) Moderate: openstack-swift security and bug fix update
2013-06-27 00:00:00
(RHSA-2013:1197) Moderate: openstack-swift security update
2013-09-03 00:00:00
github
github
OpenStack Swift Unchecked user input in XML responses
2022-05-14 02:10:10
OpenStack Swift allows authenticated users to cause a denial of service
2022-05-17 04:58:58
ubuntucve
ubuntucve
CVE-2013-2161
2013-06-13 00:00:00
CVE-2013-4155
2013-08-07 00:00:00
veracode
veracode
Arbitrary XML Injection
2018-07-16 05:54:15
Arbitrary XML Injection
2019-01-15 08:55:19
Denial Of Service (DoS)
2019-01-15 08:58:17
prion
prion
Design/Logic Flaw
2013-08-20 22:55:00
Design/Logic Flaw
2013-08-20 22:55:00
cvelist
cvelist
CVE-2013-2161
2013-08-20 22:00:00
CVE-2013-4155
2013-08-20 22:00:00
cve
cve
CVE-2013-2161
2013-08-20 22:55:04
CVE-2013-4155
2013-08-20 22:55:04
debiancve
debiancve
CVE-2013-2161
2013-08-20 22:55:04
CVE-2013-4155
2013-08-20 22:55:04
fedora
fedora
[SECURITY] Fedora 19 Update: openstack-swift-1.8.0-3.fc19
2013-08-18 21:36:36
seebug
seebug
OpenStack Swift θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2013-4155)
2013-08-27 00:00:00
securityvulns
securityvulns
[USN-2001-1] Swift vulnerability
2013-10-28 00:00:00
[USN-1887-1] OpenStack Swift vulnerabilities
2013-07-01 00:00:00
OpenStack multiple security vulnerabilities
2013-07-01 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

69.2%

JSON
Related for OSV:DSA-2737-1
nessus3openvas8redhat2github2ubuntucve2veracode3prion2cvelist2cve2debiancve2fedora1seebug1securityvulns4