Launchpad CVE tracker

CVE 2013-2014

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Related bugs and status

CVE-2013-2014 (Candidate) is related to these bugs:

Bug #1098177: keystone has no limitation for requests and headers size which may cause DB or process crash

Summary				In	Importance	Status
	1098177	keystone has no limitation for requests and headers size which may cause DB or process crash		OpenStack Identity (keystone)	Undecided	Incomplete

Bug #1155566: Note: Keystone Request / Header Size Limits Required to Avoid DoS

Summary				In	Importance	Status
	1155566	Note: Keystone Request / Header Size Limits Required to Avoid DoS		OpenStack Security Notes	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2014

References