vulnerability
Ubuntu: (CVE-2015-8466): swift-plugin-s3 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Jan 13, 2016 | Nov 19, 2024 | Aug 19, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jan 13, 2016
Added
Nov 19, 2024
Modified
Aug 19, 2025
Description
It was discovered that Swift3 did not properly validate the Date and x-amz-date headers when an Authorization header was specified. An attacker could use this vulnerability to conduct a replay attack and potentialy expose sensitive information.
Solution
ubuntu-pro-upgrade-swift-plugin-s3
References
- CVE-2015-8466
- https://attackerkb.com/topics/CVE-2015-8466
- CWE-20
- DEBIAN-DSA-3583
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174374.html
- URL-https://bugs.launchpad.net/swift3/+bug/1497424
- URL-https://github.com/openstack/swift3/blob/master/CHANGELOG
- URL-https://swiftstack.com/docs/admin/release.html
- URL-https://www.cve.org/CVERecord?id=CVE-2015-8466
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.