OpenStack Swift Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
Openstack Swift 1.11.0-1.13.1
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3497
OpenStack Object Storage (Swift) is a sub-project of OpenStack's open-source cloud computing project. It is called Object Storage and provides powerful scalability, redundancy, and durability.
OpenStack Swift 1.11.0-1.13.1 has a cross-site scripting vulnerability. This vulnerability allows remote attackers to inject arbitrary Web scripts or HTML messages through the WWW-Authenticate header.
Summary of Swift multi-node installation and testing in Ubuntu
Objective-C comments on the highlights of Swift
Install and configure OpenStack Swift
<* Source: Globo.com Security Team
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://review.openstack.org/#/c/101031/
Https://review.openstack.org/#/c/101032/
This article permanently updates the link address: