CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

DEBIAN-CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

DEBIAN-CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

Design/Logic Flaw

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

Authentication flaw

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0282

CVE-2013-0282 affects OpenStack Keystone (Grizzly 2013.1, Folsom 2012.1.3, Essex). The root cause is that EC2-style authentication did not properly verify that the (1) user, (2) tenant, or (3) domain is enabled, enabling context-dependent attackers to bypass access restrictions. Public documents ...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270 Keystone: openstack keystone: denial of service via large http request with long tenant name

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

OpenStack Keystone CVE-2013-0270 affects Grizzly before 2013.1 (Folsom and possibly earlier). The vulnerability allows remote attackers to trigger a denial of service by sending a large HTTP request, demonstrated by an oversized tenant_name during token requests. Supported sources across multiple...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

DEBIAN-CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...