Back to search
CVE-2014-8124
Published: Dec 12, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.launchpad.net/horizon/+bug/1394370
x_refsource_CONFIRM
61186
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0845
vendor-advisory
x_refsource_REDHAT
[openstack-announce] 20141209 [OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124)
mailing-list
x_refsource_MLIST
FEDORA-2014-17177
vendor-advisory
x_refsource_FEDORA
RHSA-2015:0839
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2015:0078
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now