{
  "threat_severity" : "Moderate",
  "public_date" : "2014-09-04T00:00:00Z",
  "bugzilla" : {
    "description" : "openstack-swift: Swift metadata constraints are not correctly enforced",
    "id" : "1150461",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150461"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.", "A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration." ],
  "affected_release" : [ {
    "product_name" : "Native Client for RHEL 5 for Red Hat Storage",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:2:client:el5",
    "package" : "glusterfs-0:3.7.1-11.el5"
  }, {
    "product_name" : "Native Client for RHEL 6 for Red Hat Storage",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3:client:el6",
    "package" : "glusterfs-0:3.7.1-11.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
    "release_date" : "2015-04-16T00:00:00Z",
    "advisory" : "RHSA-2015:0836",
    "cpe" : "cpe:/a:redhat:openstack:5::el6",
    "package" : "openstack-swift-0:1.13.1-4.el6ost"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
    "release_date" : "2015-04-16T00:00:00Z",
    "advisory" : "RHSA-2015:0835",
    "cpe" : "cpe:/a:redhat:openstack:5::el7",
    "package" : "openstack-swift-0:1.13.1-4.el7ost"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "augeas-0:1.0.0-10.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "check-mk-0:1.2.6p1-3.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "clufter-0:0.11.2-1.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "cluster-0:3.0.12.1-73.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "clustermon-0:0.16.2-31.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "corosync-0:1.4.7-2.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "ctdb2.5-0:2.5.5-7.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "fence-virt-0:0.2.3-19.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "glusterfs-0:3.7.1-11.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "gluster-nagios-addons-0:0.2.4-4.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "gluster-nagios-common-0:0.2.0-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "gstatus-0:0.64-3.1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "libqb-0:0.17.1-1.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "libtalloc-0:2.1.1-4.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "libvirt-0:0.10.2-54.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "nagios-plugins-0:1.4.16-12.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "nagios-server-addons-0:0.2.1-4.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "nfs-ganesha-0:2.2.0-5.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "nrpe-0:2.15-4.1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "openais-0:1.1.1-7.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "openstack-swift-0:1.13.1-4.el6ost"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "pacemaker-0:1.1.12-8.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "pcs-0:0.9.139-9.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "pnp4nagios-0:0.6.22-2.1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "pynag-0:0.9.1-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-blivet-1:1.0.0.2-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-cpopen-0:1.3-4.el6_5"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-eventlet-0:0.14.0-1.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-greenlet-0:0.4.2-1.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-keystoneclient-1:0.9.0-5.el6ost"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-prettytable-0:0.7.2-1.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "python-pyudev-0:0.15-2.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "redhat-storage-logos-0:60.0.20-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "redhat-storage-server-0:3.1.0.3-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "resource-agents-0:3.9.5-24.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "ricci-0:0.16.2-81.el6"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "userspace-rcu-0:0.7.9-2.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6",
    "release_date" : "2015-07-29T00:00:00Z",
    "advisory" : "RHSA-2015:1495",
    "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6",
    "package" : "vdsm-0:4.16.20-1.2.el6rhs"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openstack-swift",
    "cpe" : "cpe:/a:redhat:openstack:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-7960\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7960" ],
  "name" : "CVE-2014-7960",
  "csaw" : false
}