QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2101

Published: Jun 7, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

[openstack] 20120419 [OSSA 2012-005] No quota enforced on security group rules

mailing-list

x_refsource_MLIST

nova-quotas-dos(75243)

vdb-entry

x_refsource_XF

FEDORA-2012-6365

vendor-advisory

x_refsource_FEDORA

https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64

x_refsource_CONFIRM

FEDORA-2012-6273

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

https://bugs.launchpad.net/nova/+bug/969545

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.