CVE-2015-8466

Published: 13/01/2016 Updated: 01/12/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Swift3 prior to 1.9 allows remote malicious users to conduct replay attacks via an Authorization request that lacks a Date header.

Vulnerable Product

fedoraproject fedora 23

openstack swift3

Vendor Advisories

Debian Bug report logs - #822688 CVE-2015-8466: replay attack - date/date header unvalidated. Package: swift-plugin-s3; Maintainer for swift-plugin-s3 is PKG OpenStack <openstack-devel@lists.alioth.debian.org>; Source for swift-plugin-s3 is src:swift-plugin-s3. Reported by: onovy@debian.org Date: Tue, 2 ...

It was discovered that the swift3 (S3 compatibility) middleware plugin for Swift performed insufficient validation of date headers, which might result in replay attacks. For the stable distribution (jessie), this problem has been fixed in version 1.7-5+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 1.9-1. For ...