CVE-2016-0738 Information

Feb 14, 2021 cve

Description

OpenStack Object Storage (Swift) before 2.3.1 (Kilo) 2.4.x and 2.5.x before 2.5.1 (Liberty) do not properly close server connections which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html http://rhn.redhat.com/errata/RHSA-2016-0128.html http://rhn.redhat.com/errata/RHSA-2016-0155.html http://rhn.redhat.com/errata/RHSA-2016-0329.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/81432 https://bugs.launchpad.net/cloud-archive/+bug/1493303 https://github.com/openstack/swift/blob/master/CHANGELOG https://security.openstack.org/ossa/OSSA-2016-004.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: