Vulnerabilities > CVE-2014-9623 - Resource Management Errors vulnerability in multiple products

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
redhat
openstack
CWE-399
NVD
Published: 2015-01-23
Updated: 2016-12-07

Summary

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Vulnerable Configurations

Part Description Count
Application
Redhat
1
Application
Openstack
14

Common Weakness Enumeration (CWE)

Redhat

advisories
  • rhsa
    idRHSA-2015:0644
  • rhsa
    idRHSA-2015:0837
  • rhsa
    idRHSA-2015:0838
rpms
  • openstack-glance-0:2014.2.2-1.el7ost
  • openstack-glance-doc-0:2014.2.2-1.el7ost
  • python-glance-0:2014.2.2-1.el7ost
  • python-glanceclient-1:0.14.2-2.el7ost
  • python-glanceclient-doc-1:0.14.2-2.el7ost
  • openstack-glance-0:2014.1.4-1.el7ost
  • openstack-glance-doc-0:2014.1.4-1.el7ost
  • python-glance-0:2014.1.4-1.el7ost
  • openstack-glance-0:2014.1.4-1.el6ost
  • openstack-glance-doc-0:2014.1.4-1.el6ost
  • python-glance-0:2014.1.4-1.el6ost

References