CVE-2016-9185

Published: 04/11/2016 Updated: 05/01/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In OpenStack Heat, by launching a new Heat stack with a local URL, an authenticated user may conduct network discovery, revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

Vulnerable Product

openstack heat 7.0.0

openstack heat 6.0.0

openstack heat 6.1.0

openstack heat 5.0.3

Vendor Advisories

Debian Bug report logs - #843232. heat: CVE-2016-9185: template source URL allows network port scan. Package: src:heat; Maintainer for src:heat is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 5 Nov 2016 10:57:01 UTC; Severity: grave; Tags: fixed-u ...
Synopsis: Low: openstack-heat security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for openstack-heat is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring Sys ...
Synopsis: Low: openstack-heat security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for openstack-heat is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common ...
Synopsis: Moderate: openstack-heat security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for openstack-heat is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabili ...
An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services ...