CVE-2014-7960 : OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

Published 2014-10-17 15:55:07

Updated 2017-09-08 01:29:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-7960

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-7960

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-7960

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-7960

https://bugs.launchpad.net/swift/+bug/1365350

Bug #1365350 “[OSSA 2014-034] Metadata constraints defined in op...” : Bugs : OpenStack Object Storage (swift)
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96901

OpenStack Swift security bypass CVE-2014-7960 Vulnerability Report
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html

[security-announce] SUSE-SU-2015:1846-1: important: Security update for

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/10/08/7

oss-security - Re: CVE request for vulnerability in OpenStack Swift
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0836.html

RHSA-2015:0836 - Security Advisory - Red Hat Customer Portal
http://rhn.redhat.com/errata/RHSA-2015-0835.html

RHSA-2015:0835 - Security Advisory - Red Hat Customer Portal
http://www.securityfocus.com/bid/70279

OpenStack Swift CVE-2014-7960 Multiple Security Bypass Vulnerabilities
http://www.openwall.com/lists/oss-security/2014/10/07/39

oss-security - CVE request for vulnerability in OpenStack Swift
http://rhn.redhat.com/errata/RHSA-2015-1495.html

RHSA-2015:1495 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2704-1

USN-2704-1: Swift vulnerabilities | Ubuntu security notices

CVEs referencing this url

Products affected by CVE-2014-7960

Openstack » Swift
Versions up to, including, (<=) 2.1.0
cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-7960

Exploit prediction scoring system (EPSS) score for CVE-2014-7960

CVSS scores for CVE-2014-7960

CWE ids for CVE-2014-7960

References for CVE-2014-7960

Products affected by CVE-2014-7960