Description
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | python-oauth2 | Not affected | | |
| Red Hat OpenStack Platform 4 | python-oauth2 | Will not fix | | |
| RHUI for RHEL 6 | python-oauth2 | Will not fix | | |
| Red Hat Satellite 6.1 | aopalliance | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-commons-codec-eap6 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-mime4j | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | atinject | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | bouncycastle | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | c3p0 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin | Fixed | RHSA-2015:1592 | 12.08.2015 |
Additional information
Status:
EPSS
4.3 Medium
CVSS2
Related vulnerabilities
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
The Server.verify_request function in SimpleGeo python-oauth2 does not ...
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks