OpenStack Compute (Nova) Resource Exhaustion Denial
OpenStack Compute (Nova) Resource Exhaustion Denial of Service Vulnerability
Release Date : 2012-03-30
Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround
Software: OpenStack Compute (Nova) 2011.x
A vulnerability has been reported in OpenStack Compute (Nova), which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the nova-api component when processing PUT and POST requests containing long server names. This can be exploited to grow log files and exhaust system resources via specially crafted HTTP requests.
The vulnerability is reported in version 2011.3. Other versions may also be affected.
Fixed in the GIT repository.
Provided and/or discovered by:
Red Hat credits Dan Prince.