CVE 2013-4179
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
Related bugs and status
CVE-2013-4179 (Candidate) is related to these bugs:
Bug #1190229: [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | OpenStack Security Advisory | Medium | Fix Released
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | neutron | Undecided | Invalid
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | Cinder | High | Fix Released
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | OpenStack Compute (nova) | High | Fix Released
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | OpenStack Compute (nova) grizzly | High | Fix Released
1190229 | [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202) | Cinder grizzly | High | Fix Released
Bug #1210447: Meta bug for tracking Openstack 2013.1.3 Stable Update
See the CVE page on Mitre.org for more details.