CVE-2013-0270

moderate-risk
Published 2013-04-12

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

Do I need to act?

~
2.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Keystone
Keystone
Keystone
Keystone

Affected Vendors

Openstack

References (13)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2013-0708.html
https://access.redhat.com/security/cve/CVE-2013-0270
Third Party Advisory https://bugs.launchpad.net/keystone/+bug/1099025
Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=909012
Third Party Advisory https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e03...
Third Party Advisory https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276...
Patch https://launchpad.net/keystone/grizzly/2013.1
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2013-0708.html
Third Party Advisory https://bugs.launchpad.net/keystone/+bug/1099025
Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=909012
Third Party Advisory https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e03...
Third Party Advisory https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276...
Patch https://launchpad.net/keystone/grizzly/2013.1
40
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 6/34 · Minimal
Exposure 10/34 · Low