Candidate: CVE-2015-8466
PublicDate: 2016-01-13 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8466
 https://swiftstack.com/docs/admin/release.html
 https://github.com/openstack/swift3/blob/master/CHANGELOG
 https://bugs.launchpad.net/swift3/+bug/1497424
 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174374.html
Description:
 Swift3 before 1.9 allows remote attackers to conduct replay attacks via an
 Authorization request that lacks a Date header.
Ubuntu-Description:
 It was discovered that Swift3 did not properly validate the Date and
 x-amz-date headers when an Authorization header was specified. An attacker
 could use this vulnerability to conduct a replay attack and potentially
 expose sensitive information.
Notes:
Bugs:
Priority: medium
Discovered-by: Darryl Tam
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N [7.4 HIGH]

Patches_swift-plugin-s3:
 upstream: https://git.openstack.org/cgit/openstack/swift3/commit/?id=4fce274c50112e02360993c4eeaafe811fcc757c
upstream_swift-plugin-s3: needs-triage
precise_swift-plugin-s3: DNE
precise/esm_swift-plugin-s3: DNE
trusty_swift-plugin-s3: ignored (reached end-of-life)
trusty/esm_swift-plugin-s3: DNE (trusty was needed)
vivid_swift-plugin-s3: ignored (reached end-of-life)
vivid/stable-phone-overlay_swift-plugin-s3: DNE
vivid/ubuntu-core_swift-plugin-s3: DNE
wily_swift-plugin-s3: ignored (reached end-of-life)
xenial_swift-plugin-s3: ignored (end of standard support, was needed)
yakkety_swift-plugin-s3: ignored (reached end-of-life)
zesty_swift-plugin-s3: not-affected (1.11-2)
artful_swift-plugin-s3: not-affected (1.11-2)
bionic_swift-plugin-s3: not-affected (1.11-2)
cosmic_swift-plugin-s3: DNE
disco_swift-plugin-s3: DNE
eoan_swift-plugin-s3: DNE
focal_swift-plugin-s3: DNE
groovy_swift-plugin-s3: DNE
hirsute_swift-plugin-s3: DNE
impish_swift-plugin-s3: DNE
jammy_swift-plugin-s3: DNE
devel_swift-plugin-s3: DNE