Skip to main content

Image Registry And Delivery Service Glance CVE-2014-9684

MEDIUM
Resource Management Errors (CWE-399)
2015-02-24 cve@mitre.org
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 24, 2015 - 15:59 cve.org
MEDIUM 4.0

DescriptionCVE.org

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

AnalysisAI

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-399. OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. Affected products include: Openstack Image Registry And Delivery Service \(Glance\). Version information: through 2014.2.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-1881 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9623 MEDIUM POC
4.0 Jan 23

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storag

CVE-2015-5286 MEDIUM
6.8 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated

CVE-2015-1195 MEDIUM
6.5 Jan 21

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows

CVE-2014-0162 MEDIUM
6.0 Apr 27

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse befor

CVE-2012-5482 MEDIUM
5.5 Nov 11

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2012-4573 MEDIUM
5.5 Nov 11

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2014-9493 MEDIUM
5.5 Jan 07

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenti

CVE-2015-5251 MEDIUM
5.5 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated u

CVE-2016-0757 MEDIUM
4.3 Apr 13

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations

CVE-2013-0212 MEDIUM
4.0 Feb 24

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single te

CVE-2014-5356 MEDIUM
4.0 Aug 25

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3,

Share

CVE-2014-9684 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy