Vulnerability Details: CVE-2015-3221
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-3221
- cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3221
- 2.51%: Probability of exploitation activity in the next 30 days
- ~90%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2015-3221
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3221
- http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html
  OpenStack Open Source Cloud Computing Software » Message: [openstack-announce] [OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221) (Vendor Advisory)
- http://www.securityfocus.com/bid/75368
  OpenStack Neutron CVE-2015-3221 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://bugs.launchpad.net/neutron/+bug/1461054
  Bug #1461054 “[OSSA 2015-012] Adding 0.0.0.0/0 to allowed addres...” : Bugs : neutron (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1680.html
  RHSA-2015:1680 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)