CVE-2014-3706

Опубликовано: 18 окт. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

Ссылки

http://www.securityfocus.com/bid/101507
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1154977
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/101507
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1154977
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:enterprise_mrg:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.0022

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2014-3706

redhat

почти 11 лет назад

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

GHSA-g7pg-wj9c-h3j9

CVSS3: 5.9

github

больше 3 лет назад

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

EPSS

Процентиль: 44%

0.0022

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295