Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0790
HistoryApr 07, 2015 - 12:00 a.m.

(RHSA-2015:0790) Important: openstack-nova security, bug fix, and enhancement update

2015-04-0700:00:00
access.redhat.com
19

EPSS

0.008

Percentile

81.3%

JSON

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

It was discovered that the OpenStack Compute (nova) console websocket did
not correctly verify the origin header. An attacker could use this flaw to
conduct a cross-site websocket hijack attack. Note that only Compute setups
with VNC or SPICE enabled were affected by this flaw. (CVE-2015-0259)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brian Manifold of Cisco, and Paul McMillan of Nebula
as the original reporters.

In addition to the above issue, this update also addresses bugs and
enhancements which are documented in the Red Hat Enterprise Linux OpenStack
Platform Technical Notes, linked to in the References section.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchopenstack-nova-doc< 2014.2.2-19.el7ostopenstack-nova-doc-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-objectstore< 2014.2.2-19.el7ostopenstack-nova-objectstore-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-serialproxy< 2014.2.2-19.el7ostopenstack-nova-serialproxy-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-compute< 2014.2.2-19.el7ostopenstack-nova-compute-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-conductor< 2014.2.2-19.el7ostopenstack-nova-conductor-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-common< 2014.2.2-19.el7ostopenstack-nova-common-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchpython-nova< 2014.2.2-19.el7ostpython-nova-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-cert< 2014.2.2-19.el7ostopenstack-nova-cert-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-network< 2014.2.2-19.el7ostopenstack-nova-network-2014.2.2-19.el7ost.noarch.rpm
RedHat7noarchopenstack-nova-console< 2014.2.2-19.el7ostopenstack-nova-console-2014.2.2-19.el7ost.noarch.rpm
Rows per page:
1-10 of 151

Related

cve 1
debiancve 1
ubuntucve 1
veracode 2
prion 1
nvd 1
osv 1
cvelist 1
github 1
redhat 2
cve
cve
CVE-2015-0259
2015-04-01 14:59:01
debiancve
debiancve
CVE-2015-0259
2015-04-01 14:59:01
ubuntucve
ubuntucve
CVE-2015-0259
2015-04-01 00:00:00
veracode
veracode
Session Hijacking
2019-01-15 09:05:27
Denial Of Service (DoS)
2019-05-02 05:13:19
prion
prion
Authentication flaw
2015-04-01 14:59:00
nvd
nvd
CVE-2015-0259
2015-04-01 14:59:01
osv
osv
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
2022-05-14 01:58:45
cvelist
cvelist
CVE-2015-0259
2015-04-01 14:00:00
github
github
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
2022-05-14 01:58:45
redhat
redhat
(RHSA-2015:0843) Important: openstack-nova security, bug fix, and enhancement update
2015-04-16 00:00:00
(RHSA-2015:0844) Important: openstack-nova security, bug fix, and enhancement update
2015-04-16 14:12:13

EPSS

0.008

Percentile

81.3%

JSON
Related for RHSA-2015:0790
cve1debiancve1ubuntucve1veracode2prion1nvd1osv1cvelist1github1redhat2