{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-07T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1845", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"}, {"name": "RHSA-2015:1846", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"}, {"name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.220Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1845", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"}, {"name": "RHSA-2015:1846", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"}, {"name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8177", "datePublished": "2016-06-07T14:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E167B79-6F17-4E79-94F0-AC4ABDCF596D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:gluster_storage_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2D3475F-0080-456F-B17D-D94659504C64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage_native_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "203E31B3-18D0-40E4-A072-4C52A0ECAEBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2D3475F-0080-456F-B17D-D94659504C64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."}, {"lang": "es", "value": "El paquete gluster-swift de Red Hat, tal como se utiliza en Red Hat Gluster Storage (anteriormente Red Hat Storage Server), permite a usuarios remotos autenticados eludir la restricci\u00f3n max_meta_count a trav\u00e9s de m\u00faltiples peticiones manipuladas que exceden el l\u00edmite cuando se combinan."}], "id": "CVE-2014-8177", "lastModified": "2019-04-22T17:48:00.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-07T14:06:00.133", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3:client:el6", "package": "glusterfs-0:3.7.1-16.el6", "product_name": "Native Client for RHEL 6 for Red Hat Storage", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3:client:el7", "package": "glusterfs-0:3.7.1-16.el7", "product_name": "Native Client for RHEL 7 for Red Hat Storage", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gdeploy-0:1.0-12.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "glusterfs-0:3.7.1-16.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gluster-nagios-addons-0:0.2.5-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gluster-nagios-common-0:0.2.2-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "gstatus-0:0.65-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nagios-server-addons-0:0.2.2-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "nfs-ganesha-0:2.2.0-9.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "openstack-swift-0:1.13.1-6.el6ost", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "redhat-storage-server-0:3.1.1.0-2.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "swiftonfile-0:1.13.1-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1845", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el6", "package": "vdsm-0:4.16.20-1.3.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "gdeploy-0:1.0-12.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "glusterfs-0:3.7.1-16.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "gluster-nagios-addons-0:0.2.5-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "gluster-nagios-common-0:0.2.2-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "gstatus-0:0.65-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "nagios-server-addons-0:0.2.2-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "nfs-ganesha-0:2.2.0-9.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "openstack-swift-0:1.13.1-6.el7ost", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "redhat-storage-server-0:3.1.1.0-2.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "swiftonfile-0:1.13.1-5.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/a:redhat:storage:3.1:nfs:el7", "package": "vdsm-0:4.16.20-1.3.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-10-05T00:00:00Z"}, {"advisory": "RHSA-2015:1846", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "glusterfs-0:3.7.1-16.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2015-10-05T00:00:00Z"}], "bugzilla": {"description": "gluster-swift metadata constraints are not correctly enforced", "id": "1257525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "details": ["The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.", "A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration."], "name": "CVE-2014-8177", "public_date": "2015-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8177\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8177"], "threat_severity": "Moderate"}