OpenStack Keystone HTTP Request Processing Denial of Service Vulnerability
Release Date : 2013-02-11
Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround
Software: OpenStack Keystone 2012.x
A vulnerability has been reported in OpenStack Keystone, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the processing of HTTP requests and can be exploited to exhaust available memory, e.g. by sending an overly long "tenant_name" in an HTTP request.
The vulnerability is reported in version Folsom (2012.2.1). Other versions may also be affected.
Fixed in the source code repository.
Provided and/or discovered by:
Dan Prince, Red Hat.
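A generic control for this class of bug, shown as an added example (it is not code from this advisory or from Keystone): a WSGI middleware that caps the request body and the length of every JSON key and string value before the application parses them. The class name, both limits and the status codes are assumptions, and it assumes the fronted API accepts only JSON bodies.

```python
import io
import json

MAX_BODY_BYTES = 112 * 1024  # assumed cap on the whole request body
MAX_PARAM_LEN = 64           # assumed cap on any single JSON key or string value

def oversized_string(doc, limit):
    """True if any key or string value in the decoded JSON exceeds limit."""
    stack = [doc]  # iterative walk, so nesting depth cannot exhaust the stack
    while stack:
        node = stack.pop()
        if isinstance(node, str) and len(node) > limit:
            return True
        if isinstance(node, dict):
            stack.extend(node.keys())
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    return False

class RequestSizeLimiter:
    """WSGI middleware that rejects oversized requests before the app sees them."""
    def __init__(self, app, max_body=MAX_BODY_BYTES, max_param=MAX_PARAM_LEN):
        self.app, self.max_body, self.max_param = app, max_body, max_param

    def __call__(self, environ, start_response):
        try:
            declared = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            declared = -1
        if declared < 0:
            return self._reject(start_response, "400 Bad Request")
        if declared > self.max_body:
            return self._reject(start_response, "413 Request Entity Too Large")
        body = environ["wsgi.input"].read(declared)  # never more than the cap
        if body:
            try:
                doc = json.loads(body)
            except (ValueError, RecursionError):
                return self._reject(start_response, "400 Bad Request")
            if oversized_string(doc, self.max_param):
                return self._reject(start_response, "400 Bad Request")
        environ["wsgi.input"] = io.BytesIO(body)  # replay the body for the app
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status):
        start_response(status, [("Content-Type", "text/plain")])
        return [status.encode()]
```

Requests without a Content-Length header (for example chunked uploads) reach the application with an empty body, so the front-end server should be configured to require the header or to enforce its own body limit.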