Published: 23/07/2014 Updated: 13/02/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

OpenStack Neutron prior to 2013.2.4, 2014.x prior to 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack neutron 2014.1
openstack neutron 2014.1.1
openstack neutron juno-1
openstack neutron 2013.2.4

Debian Bug report logs - #755134 CVE-2014-3555: Denial of Service in Neutron allowed address pair Package: neutron; Maintainer for neutron is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Fri, 18 Jul 2014 02:33:01 UTC Severity: normal Tags: patch, security ...

OpenStack Neutron could be made to expose sensitive information or crash ...

CWE-264 http://seclists.org/oss-sec/2014/q3/200 http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html http://www.securityfocus.com/bid/68765 https://bugs.launchpad.net/neutron/+bug/1336207 http://rhn.redhat.com/errata/RHSA-2014-1120.html http://rhn.redhat.com/errata/RHSA-2014-1119.html http://secunia.com/advisories/60804 http://secunia.com/advisories/60766 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755134 https://usn.ubuntu.com/2321-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3555

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect