openstack-neutron is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html
rhn.redhat.com/errata/RHSA-2015-1680.html
www.securityfocus.com/bid/75368
access.redhat.com/errata/RHSA-2015:1680
access.redhat.com/security/cve/CVE-2015-3221
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/neutron/+bug/1461054
bugzilla.redhat.com/show_bug.cgi?id=1208002
bugzilla.redhat.com/show_bug.cgi?id=1227635
bugzilla.redhat.com/show_bug.cgi?id=1232284
bugzilla.redhat.com/show_bug.cgi?id=1250056
rhn.redhat.com/errata/RHSA-2015-1680.html