CVE-2013-0247

Description

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

How to fix CVE-2013-0247

To remediate CVE-2013-0247, upgrade the affected package to a fixed version below.

• Debian/keystone—upgrade to 2012.1.1-12 or later

Is CVE-2013-0247 being exploited?

Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2012.1.1-12

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-0247