Vulnerability Details : CVE-2016-8611
A vulnerability was found in OpenStack Glance. The Glance image service enforces no limits on the `/images` API POST method, in both v1 and v2, for authenticated users, resulting in possible denial of service attacks through database table saturation.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-8611
- cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8611
- 0.40%: Probability of exploitation activity in the next 30 days
- ~71%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8611
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 2.8 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2016-8611
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Secondary)
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: secalert@redhat.com (Primary)
References for CVE-2016-8611
- http://www.securitytracker.com/id/1037312
  HPE Helion OpenStack Glance Image Service Lets Remote Authenticated Users Deny Service - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/94378
  OpenStack Glance CVE-2016-8611 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384
  HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611
  1387293 – (CVE-2016-8611) CVE-2016-8611 openstack-glance: Glance Image service v1 and v2 api image-create vulnerability (Issue Tracking; Third Party Advisory)
- http://seclists.org/oss-sec/2016/q4/266
  oss-sec: [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability (Mailing List; Third Party Advisory)