6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
rhn.redhat.com/errata/RHSA-2015-1723.html
rhn.redhat.com/errata/RHSA-2015-1898.html
www.securityfocus.com/bid/75372
access.redhat.com/errata/RHSA-2015:1723
access.redhat.com/errata/RHSA-2015:1898
access.redhat.com/security/cve/CVE-2015-3241
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1232782
github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
launchpad.net/bugs/1387543
rhn.redhat.com/errata/RHSA-2015-1723.html
security.openstack.org/ossa/OSSA-2015-015.html