[Openstack-devel] Bug#708515: Bug #708515 in Debian
Thierry Carrez
thierry at openstack.org
Mon Jun 3 09:01:40 UTC 2013
Thomas Goirand wrote:
> I was wondering if you could help me here. I'm worried about this new
> bug in Debian:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
The CVE and bug are lacking a bit of information, but it really looks
like a duplicate of Debian bug 700240 (CVE-2013-0270): large POST
requests consuming server memory/CPU. Both would be mitigated by a
request-limiting front-end (for Folsom and before) or the sizelimit
middleware (for Grizzly and after), which were suggested as workarounds
for CVE-2013-0270 already.
> Already CVE-2013-0247 and CVE-2013-0270 were duplicates. Is it possible
> that CVE-2013-2014 is also a duplicate of the same issue?
CVE-2013-0247 is not a duplicate of CVE-2013-0270.
CVE-2013-0270: Large POST consuming memory/CPU
CVE-2013-0247: Malicious POST to /tokens consuming disk space
Hope this helps,
--
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
More information about the Openstack-devel
mailing list