
CVE-2015-0259: OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity

CVSS Score: 5.1

Basic Information

EPSS Score: 0.42995%
Published: 5/14/2022
Updated: 2/8/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Package Name   Ecosystem   Vulnerable Versions        First Patched Version
nova           pip         < 2014.1.4                 2014.1.4
nova           pip         >= 2014.2.0, < 2014.2.3    2014.2.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from missing Origin header validation in the websocket console proxy handlers: a websocket upgrade request was accepted regardless of which site the user's browser sent it from. The patches modify NovaProxyRequestHandler.new_client in websocketproxy.py to add verify_origin_proto checks on the Origin header. The absence of these checks in the original code indicates that this function was the vulnerable entry point, the one that processed unvalidated websocket connections.
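The following is an added illustration of the kind of check described above, not Nova's code or the actual patch: a websocket handler that accepts any client beside one that only upgrades the connection when the Origin header's scheme and host match an allow-list. The allow-list value, the header dict and the function names are assumptions made for the example.

```python
"""Added example (not OpenStack Nova's code): Origin validation for a websocket console proxy.

The page attributes CVE-2015-0259 to a websocket handler that accepted any
client without checking the HTTP Origin header, so a page on another site
could open a websocket to the console proxy from a logged-in user's browser.
The functions below are written from scratch to illustrate the check; the
ALLOWED_ORIGINS value and the plain header dict are constructed assumptions.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list: (scheme, host[:non-default port]) the console UI is served from.
ALLOWED_ORIGINS = {("https", "cloud.example.com")}


def vulnerable_new_client(headers: dict) -> bool:
    """Before the fix: every websocket upgrade is accepted; Origin is never read."""
    return headers.get("Upgrade", "").lower() == "websocket"


def origin_allowed(origin: Optional[str], allowed=ALLOWED_ORIGINS) -> bool:
    """Hardened check: exact match of scheme and host[:port] against an allow-list.

    - A missing Origin is rejected: browsers always send it on a websocket
      handshake, so its absence is not a reason to trust the client.
    - The scheme is compared as well (the verify_origin_proto idea from the
      page): an http:// origin must not be accepted for an https:// console.
    - The host is compared on the parsed hostname, not by substring or prefix,
      so "cloud.example.com.other.test" does not pass.
    """
    if not origin:
        return False
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False  # covers "null", relative values and unknown schemes
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return False  # a real Origin is scheme://host[:port] only
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    host = parts.hostname or ""
    default_port = 443 if parts.scheme == "https" else 80
    netloc = host if port in (None, default_port) else f"{host}:{port}"
    return (parts.scheme, netloc) in allowed


def hardened_new_client(headers: dict) -> bool:
    """After the fix: upgrade only when the Origin header passes origin_allowed."""
    if headers.get("Upgrade", "").lower() != "websocket":
        return False
    return origin_allowed(headers.get("Origin"))


if __name__ == "__main__":
    cross_site = {"Upgrade": "websocket", "Origin": "https://other.example.net"}
    print("vulnerable accepts cross-site:", vulnerable_new_client(cross_site))
    print("hardened accepts cross-site:", hardened_new_client(cross_site))
```

The important design point is that the comparison is an exact match on the parsed scheme and host rather than a substring test, and that a missing or malformed Origin fails closed; a server that silently accepts a missing header reopens the same cross-site path for any client that can omit it.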


WAF Protection Rules

WAF Rule

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
