Launchpad CVE tracker

CVE 2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

Related bugs and status

CVE-2014-3497 (Candidate) is related to these bugs:

Bug #1327414: [OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497)

		In	Importance	Status
1327414	[OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497)	OpenStack Object Storage (swift)	Critical	Fix Released
1327414	[OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497)	OpenStack Security Advisory	Medium	Fix Released
1327414	[OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497)	OpenStack Object Storage (swift) icehouse	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.ubuntu.com/...
MISC: http://lists.openstack...
MISC: http://www.openwall.co...
MISC: https://review.opensta...
MISC: https://review.opensta...

Launchpad.net

CVE 2014-3497

Related bugs and status

Related bugs

References