Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2012-3371
HistoryJul 11, 2012 - 12:00 a.m.

CVE-2012-3371

2012-07-1100:00:00
ubuntu.com
ubuntu.com
10

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS

0.007

Percentile

80.4%

JSON

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex
(2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows
remote authenticated users to cause a denial of service (excessive database
lookup calls and server hang) via a request with many repeated IDs in the
os:scheduler_hints section.
Dan Prince from Red Hat reported a vulnerability in Nova scheduler
nodes. By creating servers with malicious scheduler_hints, an
authenticated user may generate a huge amount of database calls,
potentially resulting in a Denial of Service attack against Nova
scheduler nodes. Only setups exposing the OpenStack API and enabling
DifferentHostFilter and/or SameHostFilter are affected.

Notes

Author Note
tyhicks Essex and newer are affected
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchnova< 2012.1+stable~20120612-3ee026e-0ubuntu1.2UNKNOWN

Related

nvd 1
github 1
nessus 2
prion 1
ubuntu 1
debiancve 1
cvelist 1
cve 1
openvas 8
osv 1
fedora 3
securityvulns 1
nvd
nvd
CVE-2012-3371
2012-07-17 21:55:02
github
github
OpenStack Nova Scheduler denial of service through scheduler_hints
2022-05-17 05:25:08
nessus
nessus
Fedora 17 : openstack-nova-2012.1.1-4.fc17 (2012-10939)
2012-07-30 00:00:00
Ubuntu 12.04 LTS : nova vulnerability (USN-1501-1)
2012-07-12 00:00:00
prion
prion
Design/Logic Flaw
2012-07-17 21:55:00
ubuntu
ubuntu
Nova vulnerability
2012-07-11 00:00:00
debiancve
debiancve
CVE-2012-3371
2012-07-17 21:55:02
cvelist
cvelist
CVE-2012-3371
2012-07-17 21:00:00
cve
cve
CVE-2012-3371
2012-07-17 21:55:02
openvas
openvas
Ubuntu Update for nova USN-1501-1
2012-07-16 00:00:00
Ubuntu: Security Advisory (USN-1501-1)
2012-07-16 00:00:00
Fedora Update for openstack-nova FEDORA-2012-10939
2012-08-30 00:00:00
osv
osv
OpenStack Nova Scheduler denial of service through scheduler_hints
2022-05-17 05:25:08
fedora
fedora
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.1-4.fc17
2012-07-29 00:53:08
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.1-15.fc17
2012-08-21 09:53:13
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.3-3.fc17
2013-02-10 04:43:56
securityvulns
securityvulns
Nova security vulnerabilities
2012-08-27 00:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS

0.007

Percentile

80.4%

JSON
Related for UB:CVE-2012-3371
nvd1github1nessus2prion1ubuntu1debiancve1cvelist1cve1openvas8osv1fedora3securityvulns1