CVE-2014-3517

Published Aug 7, 2014

Last updated 2 years ago

Overview

Description: api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA51F598-3F53-4386-9953-8EAE0A6B41F0",
            "versionEndIncluding": "2013.2.4",
            "versionStartIncluding": "2013.2"
          },
          {
            "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D2AC947-3F65-408D-AC2D-A6FCA805EDF2",
            "versionEndExcluding": "2014.1.2",
            "versionStartIncluding": "2014.1"
          },
          {
            "criteria": "cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D7E080-7538-44C9-AF6D-43240967F72E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References