Main Vulnerability Database Vulnerabilities #VU42116

Information disclosure in Swift - CVE-2014-0006

Published: January 23, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42116

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0006

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Swift

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

How to mitigate CVE-2014-0006

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2014-0232.html
http://www.openwall.com/lists/oss-security/2014/01/17/5
https://bugs.launchpad.net/swift/+bug/1265665

Information disclosure in Swift - CVE-2014-0006

Detailed vulnerability description

How to mitigate CVE-2014-0006

Sources

Please verify you're human