OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
References
Link | Resource |
---|---|
http://secunia.com/advisories/61186 | Third Party Advisory |
http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html | Patch Vendor Advisory |
https://bugs.launchpad.net/horizon/+bug/1394370 | Issue Tracking Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0845.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2015-0839.html | Broken Link |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2014-12-12 07:59
Updated : 2023-02-12 16:43
NVD link : CVE-2014-8124
Mitre link : CVE-2014-8124
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
openstack
- horizon
opensuse
- opensuse
fedoraproject
- fedora
oracle
- solaris