CVE-2015-5295 — MEDIUM (5.4)

Q: How severe is CVE-2015-5295?

CVE-2015-5295 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5295?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Orchestration Api, Redhat Openstack, Fedoraproject Fedora, Oracle Solaris.

Vulnerability Description

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Openstack	Orchestration Api	>= 5.0.0, < 5.0.1
Redhat	Openstack	7.0
Fedoraproject	Fedora	23
Oracle	Solaris	11.3

Related Weaknesses (CWE)

CWE-119

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.hMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0266.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securityfocus.com/bid/81438Third Party AdvisoryVDB Entry
https://bugs.launchpad.net/heat/+bug/1496277PatchThird Party Advisory
https://security.openstack.org/ossa/OSSA-2016-003.htmlVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.hMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0266.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securityfocus.com/bid/81438Third Party AdvisoryVDB Entry
https://bugs.launchpad.net/heat/+bug/1496277PatchThird Party Advisory
https://security.openstack.org/ossa/OSSA-2016-003.htmlVendor Advisory

FAQ

What is CVE-2015-5295?

CVE-2015-5295 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consu...

How severe is CVE-2015-5295?

CVE-2015-5295 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5295?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Orchestration Api, Redhat Openstack, Fedoraproject Fedora, Oracle Solaris.