CVE-2013-4202 in OpenStack and Canonical Products
Published on September 16, 2013

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-4202

stack.watch emails you whenever new vulnerabilities are published in OpenStack Cinder or Canonical Ubuntu Linux. Just hit a watch button to start following.

OpenStack Cinder

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.84%

Percentile

74.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-4202 in OpenStack and Canonical ProductsPublished on September 16, 2013

Products Associated with CVE-2013-4202

Exploit Probability

CVE-2013-4202 in OpenStack and Canonical Products
Published on September 16, 2013