OpenStack Havana 2013.2.1

CPE Details

OpenStack Havana 2013.2.1
openstack
havana
2013.2.1
2014-01-24
14h48 +00:00
2014-01-24
14h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:havana:2013.2.1:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

havana

Version

2013.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2013-6419 2014-01-07 17h00 +00:00 Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
5
CVE-2013-4497 2013-11-05 20h00 +00:00 The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
6.4
CVE-2013-4179 2013-09-16 17h00 +00:00 The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
4.3