Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2013-4179

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
openstack / havana - havana-2.x
openstack / havana havana-1 havana-1.x
openstack / compute 2013.1.3 2013.1.3.x
nova - 2013.2