CVE-2013-4202

Published: Sep 16, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Affected (2)

Products: Openstack: Cinder · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Cinder	From 2013.1 to 2013.1.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 13.04

Related CWEs

References (6)

http://rhn.redhat.com/errata/RHSA-2013-1198.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/ossa/+bug/1190229

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1198.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.launchpad.net/ossa/+bug/1190229

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.