CVE-2016-0737

Published on: 01/29/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Swift from OpenStack contain the following vulnerability:

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

  • CVE-2016-0737 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

  • Oracle Solaris Bulletin - April 2016 (CONFIRM): www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  • Gerrit Code Review (CONFIRM): review.openstack.org/#/c/217750/
  • Red Hat Customer Portal (REDHAT): RHSA-2016:0155 (archived link inactive, not archived)
  • 2.4.0 : OpenStack Object Storage (swift), Vendor Advisory (CONFIRM): launchpad.net/swift/+milestone/2.4.0
  • Red Hat Customer Portal (REDHAT): RHSA-2016:0128 (archived link inactive, not archived)
  • OpenStack Swift Multiple Denial of Service Vulnerabilities, cve.report (archive) (BID): BID 81432
  • Bug #1466549 “Download DLO objects leak connections when client...” : Bugs : OpenStack Object Storage (swift), Vendor Advisory (CONFIRM): bugs.launchpad.net/swift/+bug/1466549
  • OSSA-2016-004: Swift proxy-server DoS through Large Object — OpenStack Security Advisories 2014.2.0.dev101 documentation, Patch, Vendor Advisory (CONFIRM): security.openstack.org/ossa/OSSA-2016-004.html
  • Red Hat Customer Portal (REDHAT): RHSA-2016:0329 (archived link inactive, not archived)

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Openstack
Product: Swift
Version: All
Update: All
Edition: All
Language: All

  • cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*