Vulnerability Description
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Neutron | >= 2014.2, < 2014.2.4 |
Related Weaknesses (CWE)
References
- http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1680.htmlVendor Advisory
- http://www.securityfocus.com/bid/75368Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/neutron/+bug/1461054Third Party Advisory
- http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1680.htmlVendor Advisory
- http://www.securityfocus.com/bid/75368Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/neutron/+bug/1461054Third Party Advisory
FAQ
What is CVE-2015-3221?
CVE-2015-3221 is a vulnerability with a CVSS score of 4.0 (MEDIUM). OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) b...
How severe is CVE-2015-3221?
CVE-2015-3221 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3221?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Neutron.