CVE-2014-8177 - Vulnerability Details

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Gluster Storage Management Console Gluster Storage Server Storage Storage Native Client

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:gluster_storage_management_console:3.1:::::::*
	cpe:2.3:a:redhat:gluster_storage_server:3.1:::::::*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:storage_native_client:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:redhat:gluster_storage_server:3.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Native Client for RHEL 6 for Red Hat Storage
glusterfs-0:3.7.1-16.el6	cpe:/a:redhat:storage:3:client:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
Native Client for RHEL 7 for Red Hat Storage
glusterfs-0:3.7.1-16.el7	cpe:/a:redhat:storage:3:client:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
Red Hat Gluster Storage 3.1 for RHEL 6
gdeploy-0:1.0-12.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
glusterfs-0:3.7.1-16.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
gluster-nagios-addons-0:0.2.5-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
gluster-nagios-common-0:0.2.2-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
gstatus-0:0.65-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
nagios-server-addons-0:0.2.2-1.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
nfs-ganesha-0:2.2.0-9.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
openstack-swift-0:1.13.1-6.el6ost	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
redhat-storage-server-0:3.1.1.0-2.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
swiftonfile-0:1.13.1-5.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
vdsm-0:4.16.20-1.3.el6rhs	cpe:/a:redhat:storage:3.1:nfs:el6	RHSA-2015:1845	2015-10-05T00:00:00Z
Red Hat Gluster Storage 3.1 for RHEL 7
gdeploy-0:1.0-12.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
glusterfs-0:3.7.1-16.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
gluster-nagios-addons-0:0.2.5-1.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
gluster-nagios-common-0:0.2.2-1.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
gstatus-0:0.65-1.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
nagios-server-addons-0:0.2.2-1.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
nfs-ganesha-0:2.2.0-9.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
openstack-swift-0:1.13.1-6.el7ost	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
redhat-storage-server-0:3.1.1.0-2.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
swiftonfile-0:1.13.1-5.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
vdsm-0:4.16.20-1.3.el7rhgs	cpe:/a:redhat:storage:3.1:nfs:el7	RHSA-2015:1846	2015-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
glusterfs-0:3.7.1-16.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2015:1846	2015-10-05T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2015-1845.html
http://rhn.redhat.com/errata/RHSA-2015-1846.html
http://www.openwall.com/lists/oss-security/2015/08/27/5
https://bugzilla.redhat.com/show_bug.cgi?id=1257525
https://nvd.nist.gov/vuln/detail/CVE-2014-8177
https://www.cve.org/CVERecord?id=CVE-2014-8177

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-07T14:00:00

Updated: 2024-08-06T13:10:51.220Z

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8177

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-06-07T14:06:00.133

Modified: 2024-11-21T02:18:43.120

Link: CVE-2014-8177

Redhat

Severity : Moderate

Publid Date: 2015-08-21T00:00:00Z

Links: CVE-2014-8177 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object