CVE-2017-1000256

Опубликовано: 31 окт. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

Ссылки

http://www.debian.org/security/2017/dsa-4003
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-1000256
Issue Tracking
Vendor Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html
https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
Issue Tracking
Vendor Advisory
http://www.debian.org/security/2017/dsa-4003
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-1000256
Issue Tracking
Vendor Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html
https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 3.9.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00425

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2017-1000256

CVSS3: 8.1

ubuntu

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

CVE-2017-1000256

CVSS3: 5

redhat

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

CVE-2017-1000256

CVSS3: 8.1

msrc

почти 5 лет назад

Описание отсутствует

CVE-2017-1000256

CVSS3: 8.1

debian

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configu ...

openSUSE-SU-2017:2878-1

suse-cvrf

больше 7 лет назад

Security update for libvirt

EPSS

Процентиль: 61%

0.00425

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295