{"containers": {"cna": {"title": "Keystone: openstack keystone: denial of service via large http request with long tenant name", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-user-workloads/openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-user-workloads/openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-user-workloads/openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 18.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:18.0"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 18.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-user-workloads/openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:18.0"]}], "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"}, {"url": "https://access.redhat.com/security/cve/CVE-2013-0270", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugs.launchpad.net/keystone/+bug/1099025"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"}, {"url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"}, {"url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"}, {"url": "https://launchpad.net/keystone/grizzly/2013.1"}], "datePublic": "2013-04-12T22:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1284: Improper Validation of Specified Quantity in Input", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-04-02T15:03:35.327Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2013-04-12T22:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-07T06:55:17.958Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.668Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/keystone/grizzly/2013.1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/1099025"}, {"name": "RHSA-2013:0708", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0270", "state": "PUBLISHED", "dateReserved": "2012-12-06T00:00:00.000Z", "datePublished": "2013-04-12T22:00:00.000Z", "dateUpdated": "2026-04-07T06:55:17.958Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE76C61F-B954-4861-9FA8-56D80F6E4DC4", "versionEndIncluding": "2012.1.3", "versionStartIncluding": "2012.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "matchCriteriaId": "95213D95-6636-4265-A68D-F5B990E95E0C", "versionEndIncluding": "2012.2.4", "versionStartIncluding": "2012.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*", "matchCriteriaId": "BFA7239D-3977-48E8-913A-1BEF326765BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*", "matchCriteriaId": "80E947C9-3BB0-4143-8039-BFC97F0E9327", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*", "matchCriteriaId": "D98E4B2C-CA20-4803-BE45-5DDE2D7068B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."}, {"lang": "es", "value": "OpenStack Keystone Grizzly antes de v2013.1, Folsom, y posiblemente versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excesivo consumo de memoria y CPU) a trav\u00e9s de una petici\u00f3n HTTP demasiado larga, tal y como lo demuestra un tenant_name demasiado largo al solicitar un token."}], "id": "CVE-2013-0270", "lastModified": "2026-04-07T07:16:23.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2013-04-12T22:55:01.070", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2013-0270"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1099025"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://launchpad.net/keystone/grizzly/2013.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1099025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://launchpad.net/keystone/grizzly/2013.1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Dan Prince (Red Hat).", "affected_release": [{"advisory": "RHSA-2013:0708", "cpe": "cpe:/a:redhat:openstack:2::el6", "package": "openstack-keystone-0:2012.2.3-7.el6ost", "product_name": "OpenStack Folsom for RHEL 6", "release_date": "2013-04-04T00:00:00Z"}], "bugzilla": {"description": "Keystone: Large HTTP request DoS", "id": "909012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token."], "name": "CVE-2013-0270", "package_state": [{"cpe": "cpe:/a:redhat:openstack:2.0", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 2.0"}, {"cpe": "cpe:/a:redhat:openstack:2.1", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 2.1"}], "public_date": "2013-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0270\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0270"], "threat_severity": "Moderate"}