4.3

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2013-4179

GHSA ID

GHSA-j6xh-q826-55jw

EPSS Score

0.64624%

CWE

CWE-119

Published

5/17/2022

Updated

2/8/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-4179

CVE-2013-4179: OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-4179

CVE-2013-4179:

4.3

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2013-4179

GHSA ID

GHSA-j6xh-q826-55jw

EPSS Score

0.64624%

CWE

CWE-119

Published

5/17/2022

Updated

2/8/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nova	pip	<= 2013.1.3	2013.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure XML parsing in security group extensions. Patch analysis shows:

In security_groups.py, the _extend_servers method directly parsed req.body with minidom.parseString() - a known XEE vector when used without safeguards.
In security_group_default_rules.py, XML input was parsed with raw minidom.parseString(). Both were replaced with safe_minidom_parse_string() in patches, confirming these were the vulnerable entry points. These functions would appear in profilers when processing malicious XML payloads during exploitation attempts.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-4179: OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack

CVE-2013-4179:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

CVE-2013-4179: OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

4.3

4.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI