CVE-2014-7960

Published: Oct 17, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

Affected (1)

Products: Openstack: Swift

Openstack

1 product

Swift

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Swift	Up to 2.1.0

Related CWEs

CWE-399

References (22)

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0835.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0836.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1495.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/10/07/39

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/10/08/7

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/70279

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2704-1

Source: cve@mitre.org

https://bugs.launchpad.net/swift/+bug/1365350

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96901

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html