Vulnerability Details : CVE-2012-1585
Potential exploit
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
Vulnerability category: Denial of service
Products affected by CVE-2012-1585
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1585
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1585
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2012-1585
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1585
-
https://bugs.launchpad.net/nova/+bug/962515
Bug #962515 “PUT/POST of large server name's can increase nova A...” : Bugs : OpenStack Compute (nova)Exploit;Third Party Advisory
-
http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html
Broken Link
-
http://lwn.net/Alerts/491298/
Fedora alert FEDORA-2012-5026 (openstack-nova) [LWN.net]Third Party Advisory
Jump to