CVE-2013-4202

Published: 16/09/2013 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and previous versions allow remote malicious users to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Vulnerable Product

openstack cinder

canonical ubuntu linux 13.04

Vendor Advisories

Synopsis: Moderate: openstack-cinder security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vul ...
Cinder could be made to crash or expose sensitive information ...
Debian Bug report logs - #719010 cinder: CVE-2013-4183: Cinder LVM volume driver does not support secure deletion. Package: cinder; Maintainer for cinder is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 7 Aug 2013 18:12:02 UTC; Severity: importan ...
Debian Bug report logs - #719118 CVE-2013-4202: DoS using XML entities in extensions. Package: cinder; Maintainer for cinder is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>; Date: Thu, 8 Aug 2013 14:15:01 UTC; Severity: important; Tags: patch, security; Found in ver ...