Vulnerability Description
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2014.2, <= 2014.2.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-1723.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1898.htmlThird Party Advisory
- http://www.securityfocus.com/bid/75372Third Party AdvisoryVDB Entry
- https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/Third Party Advisory
- https://launchpad.net/bugs/1387543Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-015.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1723.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1898.htmlThird Party Advisory
- http://www.securityfocus.com/bid/75372Third Party AdvisoryVDB Entry
- https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/Third Party Advisory
- https://launchpad.net/bugs/1387543Third Party Advisory
- https://security.openstack.org/ossa/OSSA-2015-015.htmlVendor Advisory
FAQ
What is CVE-2015-3241?
CVE-2015-3241 is a vulnerability with a CVSS score of 6.8 (MEDIUM). OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of s...
How severe is CVE-2015-3241?
CVE-2015-3241 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3241?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.