OSSA-2013-022: Swift Denial of Service using superfluous object tombstones¶
August 07, 2013
Swift: All versions
Peter Portante from Red Hat reported a vulnerability in Swift. Byissuing requests with an old X-Timestamp value, an authenticatedattacker can fill an object server with superfluous object tombstones,which may significantly slow down subsequent requests to that objectserver, facilitating a Denial of Service attack against Swift clusters.
Peter Portante from Red Hat (CVE-2013-4155)