openstack-keystone: denial of service
| Package(s): | openstack-keystone | CVE #(s): | CVE-2013-2014 | ||||
| Created: | July 22, 2013 | Updated: | July 24, 2013 | ||||
| Description: | From the Red Hat bugzilla:
Yaguang Tang reports: concurrent requests with large POST body can crash the keystone process. this can be used by Malicious and lead to DOS to Cloud Service Provider. The OpenStack project has confirmed: Concurrent Keystone POST requests with large body messages are held in memory without filtering or rate limiting, this can lead to resource exhaustion on the Keystone server. | ||||||
| Alerts: |
| ||||||