Backport upstream security fix for login page DOS-attack vulnerability (CVE-2014-8124)
Bug #1398893 reported by Timur Sufiev
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Committed | Critical | Timur Sufiev |
5.1.x | Fix Released | Critical | Alexey Khivin |
Bug Description
Title: Horizon denial of service attack through login page
Reporter: Eric Peterson (Time Warner Cable)
Products: Horizon
Versions: up to 2014.1.3, and 2014.2 versions up to 2014.2.1
Description:
Eric Peterson from Time Warner Cable reported a vulnerability in
Horizon. By making repeated requests to the Horizon login page a remote
attacker may generate unwanted session records, potentially resulting in
a denial of service. Only Horizon setups using a db or memcached session
engine are affected.
CVE References
Changed in mos:
status: New → In Progress
milestone: none → 6.0
Changed in mos:
status: In Progress → Fix Committed
Please provide ref to patch