OpenStack Security Advisory

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1394370
Comment #58

Comment 58 for bug 1394370

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-09: Fix merged to horizon (stable/icehouse)

#58

Reviewed: https://review.openstack.org/140356
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=61d09f6f96a22cd6c0ade58f6486cdbd118c5e2a
Submitter: Jenkins
Branch: stable/icehouse

commit 61d09f6f96a22cd6c0ade58f6486cdbd118c5e2a
Author: lin-hua-cheng <email address hidden>
Date: Mon Dec 1 18:16:15 2014 -0800

Horizon login page contains DOS attack mechanism

    the horizon login page (really the middleware) accesses the session
    too early in the login process, which will create session records
    in the session backend. This is especially problematic when non-cookie
    backends are used.

Change-Id: I9d2c40403fb9b0cfb512f2ff45397cbe0b050c71
Closes-Bug: 1394370