Vulnerability Details : CVE-2014-5356
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Vulnerability category: Denial of service
Products affected by CVE-2014-5356
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.1:*:*:*:*:*:*:*
Threat overview for CVE-2014-5356
- Top open port discovered on systems with this issue: 8200
- IPs affected by CVE-2014-5356: 8
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-5356
- EPSS score: 0.69% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-5356
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2014-5356
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5356
- http://secunia.com/advisories/60743
- http://rhn.redhat.com/errata/RHSA-2014-1337.html (RHSA-2014:1337 - Security Advisory - Red Hat Customer Portal)
- http://www.openwall.com/lists/oss-security/2014/08/21/6 (oss-security - [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356))
- http://rhn.redhat.com/errata/RHSA-2014-1338.html (RHSA-2014:1338 - Security Advisory - Red Hat Customer Portal)
- http://www.ubuntu.com/usn/USN-2322-1 (USN-2322-1: OpenStack Glance vulnerability | Ubuntu security notices)
- http://rhn.redhat.com/errata/RHSA-2014-1685.html (RHSA-2014:1685 - Security Advisory - Red Hat Customer Portal)
- https://bugs.launchpad.net/glance/+bug/1315321 (Bug #1315321 “[OSSA 2014-028] image_size_cap not checked in v2 (...” : Bugs : Glance)