CVE-2014-7960 - Vulnerability Details

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Swift
Redhat	Openstack Storage

Configuration 1 [-]

cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Native Client for RHEL 5 for Red Hat Storage
glusterfs-0:3.7.1-11.el5	cpe:/a:redhat:storage:2:client:el5	RHSA-2015:1495	2015-07-29T00:00:00Z
Native Client for RHEL 6 for Red Hat Storage
glusterfs-0:3.7.1-11.el6	cpe:/a:redhat:storage:3:client:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
openstack-swift-0:1.13.1-4.el6ost	cpe:/a:redhat:openstack:5::el6	RHSA-2015:0836	2015-04-16T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7
openstack-swift-0:1.13.1-4.el7ost	cpe:/a:redhat:openstack:5::el7	RHSA-2015:0835	2015-04-16T00:00:00Z
Red Hat Gluster Storage 3.1 for RHEL 6
augeas-0:1.0.0-10.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
check-mk-0:1.2.6p1-3.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
clufter-0:0.11.2-1.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
cluster-0:3.0.12.1-73.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
clustermon-0:0.16.2-31.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
corosync-0:1.4.7-2.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
ctdb2.5-0:2.5.5-7.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
fence-virt-0:0.2.3-19.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
glusterfs-0:3.7.1-11.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
gluster-nagios-addons-0:0.2.4-4.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
gluster-nagios-common-0:0.2.0-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
gstatus-0:0.64-3.1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
libqb-0:0.17.1-1.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
libtalloc-0:2.1.1-4.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
libvirt-0:0.10.2-54.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
nagios-plugins-0:1.4.16-12.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
nagios-server-addons-0:0.2.1-4.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
nfs-ganesha-0:2.2.0-5.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
nrpe-0:2.15-4.1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
openais-0:1.1.1-7.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
openstack-swift-0:1.13.1-4.el6ost	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
pacemaker-0:1.1.12-8.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
pcs-0:0.9.139-9.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
pnp4nagios-0:0.6.22-2.1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
pynag-0:0.9.1-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-blivet-1:1.0.0.2-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-cpopen-0:1.3-4.el6_5	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-eventlet-0:0.14.0-1.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-greenlet-0:0.4.2-1.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-keystoneclient-1:0.9.0-5.el6ost	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-prettytable-0:0.7.2-1.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
python-pyudev-0:0.15-2.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
redhat-storage-logos-0:60.0.20-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
redhat-storage-server-0:3.1.0.3-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
resource-agents-0:3.9.5-24.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
ricci-0:0.16.2-81.el6	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
userspace-rcu-0:0.7.9-2.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z
vdsm-0:4.16.20-1.2.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1495	2015-07-29T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-0835.html
http://rhn.redhat.com/errata/RHSA-2015-0836.html
http://rhn.redhat.com/errata/RHSA-2015-1495.html
http://www.openwall.com/lists/oss-security/2014/10/07/39
http://www.openwall.com/lists/oss-security/2014/10/08/7
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/70279
http://www.ubuntu.com/usn/USN-2704-1
https://bugs.launchpad.net/swift/+bug/1365350
https://exchange.xforce.ibmcloud.com/vulnerabilities/96901
https://nvd.nist.gov/vuln/detail/CVE-2014-7960
https://www.cve.org/CVERecord?id=CVE-2014-7960

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-17T15:00:00

Updated: 2024-08-06T13:03:27.675Z

Reserved: 2014-10-07T00:00:00

Link: CVE-2014-7960

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-17T15:55:06.713

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-7960

Redhat

Severity : Moderate

Publid Date: 2014-09-04T00:00:00Z

Links: CVE-2014-7960 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2015:1846", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"}, {"name": "[oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/swift/+bug/1365350"}, {"name": "RHSA-2015:1495", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"name": "RHSA-2015:0835", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html"}, {"name": "openstack-swift-cve20147960-sec-bypass(96901)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901"}, {"name": "[oss-security] 20141007 CVE request for vulnerability in OpenStack Swift", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "USN-2704-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2704-1"}, {"name": "70279", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70279"}, {"name": "RHSA-2015:0836", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2015:1846", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"}, {"name": "[oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7"}, {"name": "https://bugs.launchpad.net/swift/+bug/1365350", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/swift/+bug/1365350"}, {"name": "RHSA-2015:1495", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"name": "RHSA-2015:0835", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html"}, {"name": "openstack-swift-cve20147960-sec-bypass(96901)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901"}, {"name": "[oss-security] 20141007 CVE request for vulnerability in OpenStack Swift", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "USN-2704-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2704-1"}, {"name": "70279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70279"}, {"name": "RHSA-2015:0836", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.675Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:1846", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"}, {"name": "[oss-security] 20141008 Re: CVE request for vulnerability in OpenStack Swift", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/swift/+bug/1365350"}, {"name": "RHSA-2015:1495", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"name": "RHSA-2015:0835", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html"}, {"name": "openstack-swift-cve20147960-sec-bypass(96901)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901"}, {"name": "[oss-security] 20141007 CVE request for vulnerability in OpenStack Swift", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "USN-2704-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2704-1"}, {"name": "70279", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70279"}, {"name": "RHSA-2015:0836", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7960", "datePublished": "2014-10-17T15:00:00", "dateReserved": "2014-10-07T00:00:00", "dateUpdated": "2024-08-06T13:03:27.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "matchCriteriaId": "47DD32D7-6851-443D-B97D-A1E6D2E8CDB2", "versionEndIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined."}, {"lang": "es", "value": "OpenStack Object Storage (Swift) anterior a 2.2.0 permite a usuarios remotos autenticados evadir las restricciones max_meta_count y otros metadatos a trav\u00e9s de m\u00falitples peticiones manipuladas que exceden el l\u00edmite cuando \u00e9stas se combinan."}], "id": "CVE-2014-7960", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-17T15:55:06.713", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70279"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2704-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/swift/+bug/1365350"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2704-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/swift/+bug/1365350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:2:client:el5", "package": "glusterfs-0:3.7.1-11.el5", "product_name": "Native Client for RHEL 5 for Red Hat Storage", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3:client:el6", "package": "glusterfs-0:3.7.1-11.el6", "product_name": "Native Client for RHEL 6 for Red Hat Storage", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:0836", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-swift-0:1.13.1-4.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0835", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-swift-0:1.13.1-4.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "augeas-0:1.0.0-10.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "check-mk-0:1.2.6p1-3.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "clufter-0:0.11.2-1.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "cluster-0:3.0.12.1-73.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "clustermon-0:0.16.2-31.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "corosync-0:1.4.7-2.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "ctdb2.5-0:2.5.5-7.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "fence-virt-0:0.2.3-19.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "glusterfs-0:3.7.1-11.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gluster-nagios-addons-0:0.2.4-4.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gluster-nagios-common-0:0.2.0-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gstatus-0:0.64-3.1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "libqb-0:0.17.1-1.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "libtalloc-0:2.1.1-4.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "libvirt-0:0.10.2-54.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nagios-plugins-0:1.4.16-12.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nagios-server-addons-0:0.2.1-4.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nfs-ganesha-0:2.2.0-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nrpe-0:2.15-4.1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "openais-0:1.1.1-7.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "openstack-swift-0:1.13.1-4.el6ost", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "pacemaker-0:1.1.12-8.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "pcs-0:0.9.139-9.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "pnp4nagios-0:0.6.22-2.1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "pynag-0:0.9.1-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-blivet-1:1.0.0.2-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-cpopen-0:1.3-4.el6_5", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-eventlet-0:0.14.0-1.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-greenlet-0:0.4.2-1.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-keystoneclient-1:0.9.0-5.el6ost", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-prettytable-0:0.7.2-1.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "python-pyudev-0:0.15-2.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "redhat-storage-logos-0:60.0.20-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "redhat-storage-server-0:3.1.0.3-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "resource-agents-0:3.9.5-24.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "ricci-0:0.16.2-81.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "userspace-rcu-0:0.7.9-2.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}, {"advisory": "RHSA-2015:1495", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "vdsm-0:4.16.20-1.2.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-07-29T00:00:00Z"}], "bugzilla": {"description": "openstack-swift: Swift metadata constraints are not correctly enforced", "id": "1150461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150461"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-400", "details": ["OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.", "A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration."], "name": "CVE-2014-7960", "package_state": [{"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2014-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-7960\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7960"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object