Vulnerability Details CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://seclists.org/oss-sec/2016/q4/266
- http://www.securityfocus.com/bid/94378
- http://www.securitytracker.com/id/1037312
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384
- http://seclists.org/oss-sec/2016/q4/266
- http://www.securityfocus.com/bid/94378
- http://www.securitytracker.com/id/1037312
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384
Products affected by CVE-2016-8611
-
cpe:2.3:a:openstack:glance:0.1.7
-
cpe:2.3:a:openstack:glance:1.0
-
cpe:2.3:a:openstack:glance:11.0.0
-
cpe:2.3:a:openstack:glance:11.0.1
-
cpe:2.3:a:openstack:glance:11.0.2
-
cpe:2.3:a:openstack:glance:12.0.0
-
cpe:2.3:a:openstack:glance:13.0.0
-
cpe:2.3:a:openstack:glance:14.0.0
-
cpe:2.3:a:openstack:glance:14.0.1
-
cpe:2.3:a:openstack:glance:15.0.0
-
cpe:2.3:a:openstack:glance:15.0.1
-
cpe:2.3:a:openstack:glance:15.0.2
-
cpe:2.3:a:openstack:glance:16.0.0
-
cpe:2.3:a:openstack:glance:16.0.1
-
cpe:2.3:a:openstack:glance:17.0.0
-
cpe:2.3:a:openstack:glance:18.0.0
-
cpe:2.3:a:openstack:glance:19.0.0
-
cpe:2.3:a:openstack:glance:19.0.1
-
cpe:2.3:a:openstack:glance:19.0.2
-
cpe:2.3:a:openstack:glance:19.0.3
-
cpe:2.3:a:openstack:glance:19.0.4
-
cpe:2.3:a:openstack:glance:2.0
-
cpe:2.3:a:openstack:glance:20.0.0
-
cpe:2.3:a:openstack:glance:20.0.0.0
-
cpe:2.3:a:openstack:glance:20.0.1
-
cpe:2.3:a:openstack:glance:20.1.0
-
cpe:2.3:a:openstack:glance:2011.2
-
cpe:2.3:a:openstack:glance:2011.3
-
cpe:2.3:a:openstack:glance:2011.3.1
-
cpe:2.3:a:openstack:glance:2012.1
-
cpe:2.3:a:openstack:glance:2012.1.1
-
cpe:2.3:a:openstack:glance:2012.1.2
-
cpe:2.3:a:openstack:glance:2012.2
-
cpe:2.3:a:openstack:glance:2012.2.1
-
cpe:2.3:a:openstack:glance:2012.2.2
-
cpe:2.3:a:openstack:glance:2012.2.3
-
cpe:2.3:a:openstack:glance:2012.2.4
-
cpe:2.3:a:openstack:glance:2013.1
-
cpe:2.3:a:openstack:glance:2013.1.1
-
cpe:2.3:a:openstack:glance:2013.1.2
-
cpe:2.3:a:openstack:glance:2013.1.3
-
cpe:2.3:a:openstack:glance:2013.1.4
-
cpe:2.3:a:openstack:glance:2013.1.5
-
cpe:2.3:a:openstack:glance:2013.2
-
cpe:2.3:a:openstack:glance:2013.2.1
-
cpe:2.3:a:openstack:glance:2013.2.2
-
cpe:2.3:a:openstack:glance:2013.2.3
-
cpe:2.3:a:openstack:glance:2013.2.4
-
cpe:2.3:a:openstack:glance:2014.1
-
cpe:2.3:a:openstack:glance:2014.1.1
-
cpe:2.3:a:openstack:glance:2014.1.2
-
cpe:2.3:a:openstack:glance:2014.1.3
-
cpe:2.3:a:openstack:glance:2014.1.4
-
cpe:2.3:a:openstack:glance:2014.1.5
-
cpe:2.3:a:openstack:glance:2014.2
-
cpe:2.3:a:openstack:glance:2014.2.1
-
cpe:2.3:a:openstack:glance:2014.2.2
-
cpe:2.3:a:openstack:glance:2014.2.3
-
cpe:2.3:a:openstack:glance:2014.2.4
-
cpe:2.3:a:openstack:glance:2015.1.0
-
cpe:2.3:a:openstack:glance:2015.1.1
-
cpe:2.3:a:openstack:glance:2015.1.2
-
cpe:2.3:a:openstack:glance:2015.1.3
-
cpe:2.3:a:openstack:glance:2015.1.4
-
cpe:2.3:a:openstack:glance:21.0.0
-
cpe:2.3:a:openstack:glance:21.0.0.0
-
cpe:2.3:a:openstack:glance:22.0.0
-
cpe:2.3:a:openstack:glance:22.0.0.0
-
cpe:2.3:a:openstack:glance:22.1.0
-
cpe:2.3:a:openstack:glance:23.0.0
-
cpe:2.3:a:openstack:glance:23.0.0.0
-
cpe:2.3:a:openstack:glance:24.0.0
-
cpe:2.3:a:openstack:glance:24.0.0.0
-
cpe:2.3:a:openstack:glance:24.1.0
-
cpe:2.3:a:openstack:glance:24.1.1
-
cpe:2.3:a:openstack:glance:24.2.0
-
cpe:2.3:a:openstack:glance:25.0.0
-
cpe:2.3:a:openstack:glance:25.0.0.0
-
cpe:2.3:a:openstack:glance:25.1.0
-
cpe:2.3:a:openstack:glance:26.0.0.0
-
cpe:2.3:a:openstack:glance:26.0.1
-
cpe:2.3:a:openstack:glance:27.0.0
-
cpe:2.3:a:openstack:glance:28.0.0
-
cpe:2.3:a:openstack:glance:28.0.2
-
cpe:2.3:a:openstack:glance:mitaka