CVE-2013-4155

CVSS V2 Medium 4 CVSS V3 None

Description

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

Overview

CVE ID
CVE-2013-4155

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2013-08-20T22:55:04

Last Modified Date
2013-10-31T03:34:48

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:openstack:folsom:-:::::::*	1	OR
cpe:2.3:a:openstack:grizzly:-:::::::*	1	OR
cpe:2.3:a:openstack:havana:-:::::::*	1	OR
cpe:2.3:a:openstack:swift::::::::	1	OR	1.9.0
cpe:2.3:a:openstack:swift:1.0.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.0.1:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.0.2:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.1.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.1.0:rc1::::::	1	OR
cpe:2.3:a:openstack:swift:1.1.0:rc2::::::	1	OR
cpe:2.3:a:openstack:swift:1.2.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.2.0:gamma1::::::	1	OR
cpe:2.3:a:openstack:swift:1.2.0:rc1::::::	1	OR
cpe:2.3:a:openstack:swift:1.3.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.3.0:gamma1::::::	1	OR
cpe:2.3:a:openstack:swift:1.3.0:rc1::::::	1	OR
cpe:2.3:a:openstack:swift:1.4.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.1:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.2:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.3:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.4:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.5:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.6:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.7:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.4.8:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.5.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.6.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.7.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.7.2:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.7.4:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.7.5:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.7.6:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.8.0:::::::*	1	OR
cpe:2.3:a:openstack:swift:1.8.0:rc1::::::	1	OR
cpe:2.3:a:openstack:swift:1.8.0:rc2::::::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
4

Severity
MEDIUM

Exploitability Score
8

Impact Score
2.9

References

Reference URL	Reference Tags
https://review.openstack.org/#/c/40646/
http://www.openwall.com/lists/oss-security/2013/08/07/6
https://bugs.launchpad.net/swift/+bug/1196932
http://www.debian.org/security/2012/dsa-2737
https://review.openstack.org/#/c/40643/
https://review.openstack.org/#/c/40645/
http://rhn.redhat.com/errata/RHSA-2013-1197.html
http://www.ubuntu.com/usn/USN-2001-1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2013-4155
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4155

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:40:26				Added to TrackCVE
2022-12-01 19:24:46	2013-08-20T22:55Z	2013-08-20T22:55:04	CVE Published Date	updated
2022-12-01 19:24:46		2013-10-31T03:34:48	CVE Modified Date	updated
2022-12-01 19:24:46		Modified	Vulnerability Status	updated