OpenStack Horizon Resource Name Cross-Site Scripting Vulnerability (CVE-2014-3473)

OpenStack Horizon Resource Name Cross-Site Scripting Vulnerability (CVE-2014-3473)

Release date:
Updated on:

Affected Systems:
Openstack OpenStack Dashboard (Horizon)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68459
CVE (CAN) ID: CVE-2014-3473
 
OpenStack Dashboard Horizon is an OpenStack Dashboard project that provides Web user interfaces to the OpenStack service.
 
OpenStack Horizon does not properly filter user input. A cross-site scripting vulnerability exists in implementation. Attackers can exploit this vulnerability to execute arbitrary script code in the context of the affected site, then, steal the cookie authentication credential.

Summary of Swift multi-node installation and testing in Ubuntu

Objective-C comments on the highlights of Swift

Install and configure OpenStack Swift
 
<* Source: Jason Hullinger
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://lists.openstack.org/pipermail/openstack-announce/

This article permanently updates the link address: