CVE-2015-3229

Опубликовано: 16 окт. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.

Ссылки

http://www.openwall.com/lists/oss-security/2015/06/12/8
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/75185
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1231800
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/spins%40lists.fedoraproject.org/thread/L3GSGM5JS2EAJJAGEHR7U4ATNM4ILFKK/
http://www.openwall.com/lists/oss-security/2015/06/12/8
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/75185
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1231800
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/spins%40lists.fedoraproject.org/thread/L3GSGM5JS2EAJJAGEHR7U4ATNM4ILFKK/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:fedoraproject:spin-kickstarts:-:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:atomic:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00473

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-cg43-cf45-g8h6