Miggo Logo
Miggo Vulnerability Database
CVE-2014-3708

CVE-2014-3708: OpenStack Compute (Nova) Denial of Service vulnerability

4

CVSS Score

Basic Information

CVE ID
CVE-2014-3708
GHSA ID
GHSA-43hc-pwvx-pmfg
EPSS Score
0.74792%
CWE
-
Published
5/14/2022
Updated
2/13/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
AV:N/AC:L/Au:S/C:N/I:N/A:P
Package NameEcosystemVulnerable VersionsFirst Patched Version
novapip< 2014.1.42014.1.4
novapip>= 2014.2.0, < 2014.2.12014.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from IP filtering implementation that triggered full instance scans via network API. Patches show the critical path was: 1) get_instance_uuids_by_ip_filter in network API performing expensive SQL queries, and 2) _ip_filter in compute API initiating these calls. Runtime detection would show these functions dominating CPU during malicious API requests with IP filters.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*nSt**k *omput* (Nov*) ***or* ****.*.* *n* ****.*.x ***or* ****.*.* *llows r*mot* *ut**nti**t** us*rs to **us* * **ni*l o* s*rvi** (*PU *onsumption) vi* *n IP *ilt*r in * list **tiv* s*rv*rs *PI r*qu*st.

Reasoning

T** vuln*r**ility st*mm** *rom IP *ilt*rin* impl*m*nt*tion t**t tri***r** *ull inst*n** s**ns vi* n*twork *PI. P*t***s s*ow t** *riti**l p*t* w*s: *) **t_inst*n**_uui*s_*y_ip_*ilt*r in n*twork *PI p*r*ormin* *xp*nsiv* SQL qu*ri*s, *n* *) _ip_*ilt*r i