{"api_version":"1","generated_at":"2026-04-23T02:35:59+00:00","cve":"CVE-2013-0270","urls":{"html":"https://cve.report/CVE-2013-0270","api":"https://cve.report/api/cve/CVE-2013-0270.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-0270","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-0270"},"summary":{"title":"Keystone: openstack keystone: denial of service via large http request with long tenant name","description":"A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.","state":"PUBLISHED","assigner":"redhat","published_at":"2013-04-12 22:55:01","updated_at":"2026-04-07 07:16:23"},"problem_types":["CWE-1284","CWE-119","CWE-1284 Improper Validation of Specified Quantity in Input"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://bugs.launchpad.net/keystone/+bug/1099025","name":"https://bugs.launchpad.net/keystone/+bug/1099025","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Bug #1099025 “block really large requests” : Bugs : OpenStack Identity (keystone)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://launchpad.net/keystone/grizzly/2013.1","name":"https://launchpad.net/keystone/grizzly/2013.1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"2013.1 \"grizzly\" : Series grizzly : Keystone","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8","name":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Limit the size of HTTP requests. · openstack/keystone@7691276 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2013-0270","name":"https://access.redhat.com/security/cve/CVE-2013-0270","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012","name":"https://bugzilla.redhat.com/show_bug.cgi?id=909012","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"909012 – (CVE-2013-0270) CVE-2013-0270 OpenStack Keystone: Large HTTP request DoS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html","name":"http://rhn.redhat.com/errata/RHSA-2013-0708.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc","name":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Merge \"Add size validations for /tokens.\" into stable/folsom · openstack/keystone@82c87e5 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-0270","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0270","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 13 (Queens)","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-02T15:03:35.327Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2013-04-12T22:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"270","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"2013.1","cpe7":"milestone1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"270","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"2013.1","cpe7":"milestone2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"270","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"2013.1","cpe7":"milestone3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"270","vulnerable":"1","versionEndIncluding":"2012.1.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"270","vulnerable":"1","versionEndIncluding":"2012.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2013","cve_id":"270","cve":"CVE-2013-0270","epss":"0.026810000","percentile":"0.858080000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T14:18:09.668Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://launchpad.net/keystone/grizzly/2013.1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"name":"RHSA-2013:0708","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:13"],"defaultStatus":"affected","packageName":"redhat-user-workloads/openstack-keystone","product":"Red Hat OpenStack Platform 13 (Queens)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"affected","packageName":"openstack-keystone","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"affected","packageName":"redhat-user-workloads/openstack-keystone","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:17.1"],"defaultStatus":"affected","packageName":"openstack-keystone","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:17.1"],"defaultStatus":"affected","packageName":"redhat-user-workloads/openstack-keystone","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"affected","packageName":"openstack-keystone","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"affected","packageName":"redhat-user-workloads/openstack-keystone","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"}],"datePublic":"2013-04-12T22:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1284","description":"Improper Validation of Specified Quantity in Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-07T06:55:17.958Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2013-0270"},{"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"url":"https://launchpad.net/keystone/grizzly/2013.1"}],"timeline":[{"lang":"en","time":"2026-04-02T15:03:35.327Z","value":"Reported to Red Hat."},{"lang":"en","time":"2013-04-12T22:00:00.000Z","value":"Made public."}],"title":"Keystone: openstack keystone: denial of service via large http request with long tenant name","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-1284: Improper Validation of Specified Quantity in Input"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-0270","datePublished":"2013-04-12T22:00:00.000Z","dateReserved":"2012-12-06T00:00:00.000Z","dateUpdated":"2026-04-07T06:55:17.958Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2013-04-12 22:55:01","lastModifiedDate":"2026-04-07 07:16:23","problem_types":["CWE-1284","CWE-119","CWE-1284 Improper Validation of Specified Quantity in Input"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","versionStartIncluding":"2012.1","versionEndIncluding":"2012.1.3","matchCriteriaId":"AE76C61F-B954-4861-9FA8-56D80F6E4DC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","versionStartIncluding":"2012.2","versionEndIncluding":"2012.2.4","matchCriteriaId":"95213D95-6636-4265-A68D-F5B990E95E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*","matchCriteriaId":"BFA7239D-3977-48E8-913A-1BEF326765BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*","matchCriteriaId":"80E947C9-3BB0-4143-8039-BFC97F0E9327"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*","matchCriteriaId":"D98E4B2C-CA20-4803-BE45-5DDE2D7068B3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"270","Ordinal":"1","Title":"Keystone: openstack keystone: denial of service via large http r","CVE":"CVE-2013-0270","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"270","Ordinal":"1","NoteData":"A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.","Type":"Description","Title":"Keystone: openstack keystone: denial of service via large http r"},{"CveYear":"2013","CveId":"270","Ordinal":"2","NoteData":"2013-04-12","Type":"Other","Title":"Published"}]}}}