3 matches found
Fedora 23 : openstack-heat-2015.1.2-2.fc23 (2016-fe5b9da308)
Backport of the patch for CVE-2015-5295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
CVE-2015-5295
The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...
CVE-2015-5295
CVE-2015-5295 affects OpenStack Heat’s template-validate command. A remote authenticated user can abuse the template validation path to cause memory exhaustion (DoS) or to determine the existence of local files via the resource type in a template, demonstrated by file:///dev/zero. Affected softwa...