OSSA-2013-022: Swift Denial of Service using superfluous object tombstones

Date:August 07, 2013
CVE:CVE-2013-4155

Affects

  • Swift: All versions

Description

Peter Portante from Red Hat reported a vulnerability in Swift. Byissuing requests with an old X-Timestamp value, an authenticatedattacker can fill an object server with superfluous object tombstones,which may significantly slow down subsequent requests to that objectserver, facilitating a Denial of Service attack against Swift clusters.

Credits

  • Peter Portante from Red Hat (CVE-2013-4155)