IBM Security Bulletin: IBM SmartCloud Orchestrator - Keystone DoS through V3 API authentication chaining (CVE-2014-2828)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirttivoli psirtmedium
0 Comments | 793 Visits
By sending a single request with the same authentication method multiple times, a remote attacker may generate unwanted load on the Keystone host, potentially resulting in a Denial of Service against a Keystone service. Only Keystone setups enabling V3 API are affected.
SmartCloud Orchestrator 2.3 and 2.3 FixPack 1