Red Hat Bugzilla – Bug 1290664
CVE-2015-8466 openstack-swift-plugin3: replay attack - date/date header unvalidated
Last modified: 2016-06-14 23:38:35 EDT
A required header: date or alternate header: x-amz-date is never validated in the case where neither is specified
This leads to a potential replay attack as the value should be within a 5 minute window from the server time.
Created openstack-swift-plugin-swift3 tracking bugs for this issue:
Affects: fedora-all [bug 1290665]
openstack-swift-plugin-swift3-1.9-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
confirmed no longer affected pre-release