Lucene search
Veracode Vulnerability DatabaseVERACODE:11803HistoryJan 15, 2019 - 9:07 a.m.
Authorization Bypass
2019-01-1509:07:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
51.9%
gluster-swift is vulnerable to authorization bypass. A flaw was found in the metadata constraints in Red Hat Gluster Storage’s OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
References
access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html/Technical_Notes/index.html
access.redhat.com/security/cve/CVE-2015-1856
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1242749
bugzilla.redhat.com/show_bug.cgi?id=1259221
rhn.redhat.com/errata/RHSA-2015-1846.html
Related
nvd
nvd
CVE-2014-8177
2016-06-07 14:06:00
prion
prion
Design/Logic Flaw
2016-06-07 14:06:00
cve
cve
CVE-2014-8177
2016-06-07 14:06:00
nessus
nessus
RHEL 6 : swiftonfile (RHSA-2015:1845)
2015-10-07 00:00:00
RHEL 7 : swiftonfile (RHSA-2015:1846)
2015-11-11 00:00:00
cvelist
cvelist
CVE-2014-8177
2016-06-07 14:00:00
redhat
redhat
(RHSA-2015:1846) Moderate: Red Hat Gluster Storage 3.1 update
2015-10-05 06:48:27
(RHSA-2015:1845) Moderate: Red Hat Gluster Storage 3.1 update
2015-10-05 00:00:00