CVE 2014-8124
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
Related bugs and status
CVE-2014-8124 (Candidate) is related to these bugs:
Bug #1394370: [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1394370 | [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) | OpenStack Dashboard (Horizon) | High | Fix Released
1394370 | [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) | OpenStack Security Advisory | High | Fix Released
1394370 | [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) | OpenStack Dashboard (Horizon) icehouse | Undecided | Fix Released
1394370 | [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) | OpenStack Dashboard (Horizon) juno | Undecided | Fix Released
Bug #1398893: Backport upstream security fix for login page DOS-attack vulnerability (CVE-2014-8124)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1398893 | Backport upstream security fix for login page DOS-attack vulnerability (CVE-2014-8124) | Mirantis OpenStack | Critical | Fix Committed
1398893 | Backport upstream security fix for login page DOS-attack vulnerability (CVE-2014-8124) | Mirantis OpenStack 5.1.x | Critical | Fix Released
Bug #1403037: Need to login twice (again)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1403037 | Need to login twice (again) | django-openstack-auth | High | Fix Released
1403037 | Need to login twice (again) | python-django-openstack-auth (Ubuntu) | Undecided | Fix Released
1403037 | Need to login twice (again) | python-django-openstack-auth (Ubuntu Vivid) | Medium | Won't Fix
1403037 | Need to login twice (again) | Ubuntu Cloud Archive | Medium | Fix Released
1403037 | Need to login twice (again) | Ubuntu Cloud Archive kilo | Medium | Fix Released
Bug #1481494: Session timed out notice in horizon after idle period
Bug | Summary | In | Importance | Status
---|---|---|---|---
1481494 | Session timed out notice in horizon after idle period | Mirantis OpenStack | High | Invalid
1481494 | Session timed out notice in horizon after idle period | Mirantis OpenStack 6.1.x | High | Invalid
1481494 | Session timed out notice in horizon after idle period | Mirantis OpenStack 7.0.x | High | Invalid
1481494 | Session timed out notice in horizon after idle period | Mirantis OpenStack 6.0.x | High | Fix Released
See the CVE page on Mitre.org for more details.