NVD Vulnerability Detail

CVE-2014-8124

Summary	OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
Publication Date	Dec. 13, 2014, 12:59 a.m.
Registration Date	Jan. 26, 2021, 3:19 p.m.
Last Update	Nov. 21, 2024, 11:18 a.m.

Affected software configurations

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:21:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:oracle:solaris:11.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html	Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html	Third Party Advisory
3	http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html	Patch Vendor Advisory
4	http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html	Patch Vendor Advisory
5	http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html	Mailing List Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2015-0839.html	Broken Link
8	http://rhn.redhat.com/errata/RHSA-2015-0839.html	Broken Link
9	http://rhn.redhat.com/errata/RHSA-2015-0845.html	Broken Link
10	http://rhn.redhat.com/errata/RHSA-2015-0845.html	Broken Link
11	http://secunia.com/advisories/61186	Third Party Advisory
12	http://secunia.com/advisories/61186	Third Party Advisory
13	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Third Party Advisory
14	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Third Party Advisory
15	https://bugs.launchpad.net/horizon/+bug/1394370	Issue Tracking Third Party Advisory
16	https://bugs.launchpad.net/horizon/+bug/1394370	Issue Tracking Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html

JVN Vulnerability Information

OpenStack Dashboard におけるサービス運用妨害 (DoS) の脆弱性

Title	OpenStack Dashboard におけるサービス運用妨害 (DoS) の脆弱性
Summary	OpenStack Dashboard (Horizon) は、データベースまたは memcached セッションエンジンを使用する場合、セッションレコードを適切に処理しないため、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、ログインページへの大量のリクエストを介して、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 20, 2014, midnight
Registration Date	Dec. 16, 2014, 3:24 p.m.
Last Update	June 4, 2015, 6 p.m.

Affected System

オラクル

Oracle Solaris 11.2

OpenStack

OpenStack Horizon 2014.1.3 未満

OpenStack Horizon 2014.2.1 未満の 2014.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-8124	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8124
National Vulnerability Database (NVD)
2	CVE-2014-8124	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8124

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Launchpad
1	Bug #1394370	https://bugs.launchpad.net/horizon/+bug/1394370
OpenStack Security Advisories
2	[OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124)	http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html
Oracle Technology Network
3	Oracle Third Party Bulletin - January 2015	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Red Hat Security Advisory
4	RHSA-2015:0839	http://rhn.redhat.com/errata/RHSA-2015-0839.html
5	RHSA-2015:0845	http://rhn.redhat.com/errata/RHSA-2015-0845.html

Change Log

No	Changed Details	Date of change
0	[2014年12月16日] 掲載 [2015年03月02日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Third Party Bulletin - January 2015) を追加 [2015年06月04日] ベンダ情報：レッドハット (RHSA-2015:0839) を追加ベンダ情報：レッドハット (RHSA-2015:0845) を追加	Feb. 17, 2018, 10:37 a.m.