CVE-2014-8124

Published: Dec 12, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

Affected (5)

Products: Openstack: Horizon · Fedoraproject: Fedora · Opensuse: Opensuse · +1 more

Show all products

Openstack: Horizon · Fedoraproject: Fedora · Opensuse: Opensuse · Oracle: Solaris

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Horizon	From 2014.1 to 2014.1.3
Openstack Horizon	From 2014.2.0 to 2014.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (16)

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html

Source: secalert@redhat.com

PatchVendor Advisory

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0839.html

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2015-0845.html

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/61186

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/horizon/+bug/1394370

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0839.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://rhn.redhat.com/errata/RHSA-2015-0845.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/61186

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.launchpad.net/horizon/+bug/1394370

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.