{"containers":{"cna":{"title":"Keystone: openstack keystone: denial of service via large http request with long tenant name","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."}],"affected":[{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 13 (Queens)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-user-workloads/openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:13"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:16.2"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-user-workloads/openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:16.2"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-user-workloads/openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-user-workloads/openstack-keystone","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:18.0"]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"},{"url":"https://access.redhat.com/security/cve/CVE-2013-0270","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"url":"https://launchpad.net/keystone/grizzly/2013.1"}],"datePublic":"2013-04-12T22:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-1284","description":"Improper Validation of Specified Quantity in Input","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-1284: Improper Validation of Specified Quantity in Input","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"timeline":[{"lang":"en","time":"2026-04-02T15:03:35.327Z","value":"Reported to Red Hat."},{"lang":"en","time":"2013-04-12T22:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-04-07T06:55:17.958Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T14:18:09.668Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://launchpad.net/keystone/grizzly/2013.1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"name":"RHSA-2013:0708","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-0270","state":"PUBLISHED","dateReserved":"2012-12-06T00:00:00.000Z","datePublished":"2013-04-12T22:00:00.000Z","dateUpdated":"2026-04-07T06:55:17.958Z"},"dataType":"CVE_RECORD","dataVersion":"5.2"}