UbuntuUSN-2256-1Swift vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Releases
- Ubuntu 14.04 ESM
Packages
- swift - OpenStack distributed virtual object store
Details
John Dickinson discovered that Swift did not properly quote the
WWW-Authenticate header value. If a user were tricked into navigating to a
malicious Swift URL, an attacker could conduct cross-site scripting
attacks. With cross-site scripting vulnerabilities, if a user were tricked
into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential
data, within the same domain.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | python-swift | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-account | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-container | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-doc | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-object | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-object-expirer | < 1.13.1-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | swift-proxy | < 1.13.1-0ubuntu1.1 | UNKNOWN |
References
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%