CVE-2014-5356

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):juno-1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.1.1:*:*:*:*:*:*:*

Information

Published : 2014-08-25 07:55

Updated : 2017-01-06 19:00


NVD link : CVE-2014-5356

Mitre link : CVE-2014-5356


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

openstack

  • image_registry_and_delivery_service_\(glance\)