CVE-2013-2014

Publication date 2 June 2014

Last updated 24 July 2024

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
keystone	13.04 raring	Not affected
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

Upstream is not backporting the sizelimit middleware to Folsom or Essex because it is too intrusive requires keystone to be directly exposed to incoming POST messages and not protected by a proxy see https://bugs.launchpad.net/ossn/+bug/1155566/comments/14 for mitigation strategies

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2013-2014