Home > Vulnerability Database > CVE-2014-2573

Mend.io Vulnerability Database

CVE-2014-2573

Date: March 25, 2014

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Language: Python

Severity Score

6.5

Related Resources (10)

Url: http://www.openwall.com/lists/oss-security/2014/03/21/1

Url: https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af

Url: http://secunia.com/advisories/57498

Url: https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9

Url: https://bugs.launchpad.net/nova/+bug/1269418

Url: https://github.com/openstack/nova

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-2573

Url: http://www.openwall.com/lists/oss-security/2014/03/21/2

Url: https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2014-2573

Severity Score

6.5

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.3
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-2573

Date: March 25, 2014

Language: Python

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?