Moderate severityNVD Advisory· Published Sep 16, 2013· Updated Apr 29, 2026

CVE-2013-4179

Description

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
novaPyPI	< 2013.2	2013.2

Affected products

OpenStack/Compute
cpe:2.3:a:openstack:compute:2013.1.3:*:*:*:*:*:*:*
OpenStack/Havana2 versions
cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*range: <=havana-2
- cpe:2.3:a:openstack:havana:havana-1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-1199.htmlnvdPatchVendor AdvisoryWEB
bugs.launchpad.net/ossa/+bug/1190229nvdExploitWEB
github.com/advisories/GHSA-j6xh-q826-55jwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-4179ghsaADVISORY
www.ubuntu.com/usn/USN-2005-1nvdWEB
access.redhat.com/errata/RHSA-2013:1199ghsaWEB
access.redhat.com/security/cve/CVE-2013-4179ghsaWEB
bugzilla.redhat.com/show_bug.cgighsaWEB
opendev.org/openstack/novaghsaPACKAGE

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000