Published: 20/08/2013 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows malicious users to trigger invalid or spoofed Swift responses via an account name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 12.3
openstack grizzly -
openstack folsom -
openstack havana -

Multiple security issues were fixed in OpenStack Swift ...

Debian Bug report logs - #712202 swift: CVE-2013-2161: Unchecked user input in Swift XML responses Package: swift; Maintainer for swift is Debian OpenStack <team+openstack@trackerdebianorg>; Source for swift is src:swift (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 14 Jun 2 ...

Debian Bug report logs - #719008 swift: CVE-2013-4155: Swift Denial of Service using superfluous object tombstones Package: swift; Maintainer for swift is Debian OpenStack <team+openstack@trackerdebianorg>; Source for swift is src:swift (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Dat ...

Several vulnerabilities have been discovered in Swift, the Openstack object storage The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers Account strings were unescaped in xml listings, and an a ...

CWE-94 http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html http://www.debian.org/security/2012/dsa-2737 http://rhn.redhat.com/errata/RHSA-2013-0993.html http://www.openwall.com/lists/oss-security/2013/06/13/4 https://bugs.launchpad.net/swift/+bug/1183884 https://usn.ubuntu.com/1887-1/https://nvd.nist.gov

CVE-2013-2161

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect