Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2015-0259

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.0%
CVSS Severity
CVSS v2 Score 5.1
Products affected by CVE-2015-0259
  • Openstack » Nova » Version: 2014.1
    cpe:2.3:a:openstack:nova:2014.1
  • Openstack » Nova » Version: 2014.1.0
    cpe:2.3:a:openstack:nova:2014.1.0
  • Openstack » Nova » Version: 2014.1.1
    cpe:2.3:a:openstack:nova:2014.1.1
  • Openstack » Nova » Version: 2014.1.2
    cpe:2.3:a:openstack:nova:2014.1.2
  • Openstack » Nova » Version: 2014.1.3
    cpe:2.3:a:openstack:nova:2014.1.3
  • Openstack » Nova » Version: 2014.2
    cpe:2.3:a:openstack:nova:2014.2
  • Openstack » Nova » Version: 2014.2.0
    cpe:2.3:a:openstack:nova:2014.2.0
  • Openstack » Nova » Version: 2014.2.1
    cpe:2.3:a:openstack:nova:2014.2.1
  • Openstack » Nova » Version: 2014.2.2
    cpe:2.3:a:openstack:nova:2014.2.2
  • Openstack » Nova » Version: 2015.1.0
    cpe:2.3:a:openstack:nova:2015.1.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved