CVE-2014-8177
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-1846.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-1845.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 6.0 | not-affected | |
| rhel | 7.0 | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | gluster_storage_management_console | 3.1 | |
| redhat | gluster_storage_server | 3.1 | |
| redhat | storage_native_client | - | |
References
- http://rhn.redhat.com/errata/RHSA-2015-1845.html
- http://rhn.redhat.com/errata/RHSA-2015-1846.html
- http://www.openwall.com/lists/oss-security/2015/08/27/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1257525
- http://rhn.redhat.com/errata/RHSA-2015-1845.html
- http://rhn.redhat.com/errata/RHSA-2015-1846.html
- http://www.openwall.com/lists/oss-security/2015/08/27/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1257525
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.