CVE-2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

Affected Software

Name	Vendor	Start Version	End Version
Swift	Openstack	*	2.3.0 (including)
Swift	Openstack	2.4.0 (including)	2.4.0 (including)
Swift	Openstack	2.5.0 (including)	2.5.0 (including)
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	RedHat	openstack-swift-0:1.13.1-8.el6ost	*
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	RedHat	openstack-swift-0:1.13.1-8.el7ost	*
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	RedHat	openstack-swift-0:2.2.0-6.el7ost	*
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	RedHat	openstack-swift-0:2.3.0-3.el7ost	*
Red Hat Gluster Storage 3.1 for RHEL 6	RedHat	openstack-swift-0:1.13.1-8.el6ost	*
Red Hat Gluster Storage 3.1 for RHEL 7	RedHat	openstack-swift-0:1.13.1-8.el7ost	*
Swift	Ubuntu	precise	*
Swift	Ubuntu	trusty	*
Swift	Ubuntu	upstream	*
Swift	Ubuntu	vivid	*
Swift	Ubuntu	wily	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-0738
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References