What is the severity of CVE-2013-0247?

CVE-2013-0247 is classified as a denial of service vulnerability.

How does CVE-2013-0247 affect OpenStack Keystone?

CVE-2013-0247 allows remote attackers to cause disk consumption by creating excessive log entries through invalid token requests.

Which versions of OpenStack Keystone are affected by CVE-2013-0247?

CVE-2013-0247 affects OpenStack Keystone versions 2012.1.3 and earlier, 2012.2.3 and earlier, and 2013.1.2 and earlier.

How can I mitigate the impact of CVE-2013-0247?

Mitigation for CVE-2013-0247 can involve limiting the rate of token requests and controlling log generation.

Is there a patch available for CVE-2013-0247?

You should upgrade to a version of OpenStack Keystone that is later than 2013.1.2 to address CVE-2013-0247.

Vulnerability/
CVE-2013-0247

medium

CWE

399

31/1/2013

24/2/2013

6/8/2024

CVE-2013-0247

First published: Thu Jan 31 2013(Updated: )

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
OpenStack keystonemiddleware	>=2012.1<=2012.1.3
OpenStack keystonemiddleware	>=2012.2<=2012.2.3
OpenStack keystonemiddleware	>=2013.1<=2013.1.2
Ubuntu	=12.04
Ubuntu	=12.10

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=906171

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-0247?
CVE-2013-0247 is classified as a denial of service vulnerability.
How does CVE-2013-0247 affect OpenStack Keystone?
CVE-2013-0247 allows remote attackers to cause disk consumption by creating excessive log entries through invalid token requests.
Which versions of OpenStack Keystone are affected by CVE-2013-0247?
CVE-2013-0247 affects OpenStack Keystone versions 2012.1.3 and earlier, 2012.2.3 and earlier, and 2013.1.2 and earlier.
How can I mitigate the impact of CVE-2013-0247?
Mitigation for CVE-2013-0247 can involve limiting the rate of token requests and controlling log generation.
Is there a patch available for CVE-2013-0247?
You should upgrade to a version of OpenStack Keystone that is later than 2013.1.2 to address CVE-2013-0247.

agent/type
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/remedy
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-0247
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/openstack
canonical/openstack keystonemiddleware
version/openstack keystonemiddleware/2012.1
version/openstack keystonemiddleware/2012.1.3
version/openstack keystonemiddleware/2012.2
version/openstack keystonemiddleware/2012.2.3
version/openstack keystonemiddleware/2013.1
version/openstack keystonemiddleware/2013.1.2
vendor/canonical
canonical/ubuntu
version/ubuntu/12.04
version/ubuntu/12.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.