CVE-2013-4261
EPSS 0.60%
Description
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
How to fix CVE-2013-4261
To remediate CVE-2013-4261, upgrade the affected package to a fixed version listed below.
- Debian/nova—upgrade to 2013.2-1 or later
Is CVE-2013-4261 being exploited?
Low. The EPSS score is 0.6%, which indicates a low estimated likelihood of exploitation; exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/nova: from 0, < 2013.2-1