CVE-2011-4596

Name: CVE-2011-4596
Creator: NVD / NIST
Published: 2011-12-23T22:55:00.99+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.94%

Last modified Jun 16, 2026

CVE-2011-4596 is a vulnerability of currently unknown severity. Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.. EPSS estimates a 1.94% chance of exploitation in the next 30 days.

Description

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

Metrics

EPSS Probability

1.94%

77.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Openstack	Nova	>= 2011.3, < 2011.3.1

References

https://bugs.launchpad.net/nova/+bug/885167Third Party Advisory
https://bugs.launchpad.net/nova/+bug/894755Third Party Advisory
https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6Third Party Advisory
https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667eThird Party Advisory
https://lists.launchpad.net/openstack/msg06105.htmlThird Party Advisory
https://bugs.launchpad.net/nova/+bug/885167Third Party Advisory
https://bugs.launchpad.net/nova/+bug/894755Third Party Advisory
https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6Third Party Advisory
https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667eThird Party Advisory
https://lists.launchpad.net/openstack/msg06105.htmlThird Party Advisory

Timeline

Published: Dec 23, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4596?

How severe is CVE-2011-4596?

Severity scoring for CVE-2011-4596 is pending analysis. The EPSS model estimates a 1.94% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4596?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4596?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST