OpenStack Swift Cross-Site Scripting Vulnerability

OpenStack Swift Cross-Site Scripting Vulnerability

Release date:
Updated on:

Affected Systems:
Openstack Swift 1.11.0-1.13.1
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3497
 
OpenStack Object Storage (Swift) is a sub-project of OpenStack's open-source cloud computing project. It is called Object Storage and provides powerful scalability, redundancy, and durability.
 
OpenStack Swift 1.11.0-1.13.1 has a cross-site scripting vulnerability. This vulnerability allows remote attackers to inject arbitrary Web scripts or HTML messages through the WWW-Authenticate header.

Summary of Swift multi-node installation and testing in Ubuntu

Objective-C comments on the highlights of Swift

Install and configure OpenStack Swift
 
<* Source: Globo.com Security Team
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Https://review.openstack.org/#/c/101031/
 
Https://review.openstack.org/#/c/101032/

This article permanently updates the link address: