Описание
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 4 | openstack-nova | Not affected | ||
| OpenStack 3 for RHEL 6 | openstack-cinder | Fixed | RHBA-2014:0363 | 03.04.2014 |
| OpenStack 3 for RHEL 6 | openstack-glance | Fixed | RHBA-2014:0363 | 03.04.2014 |
| OpenStack 3 for RHEL 6 | openstack-quantum | Fixed | RHBA-2014:0363 | 03.04.2014 |
| OpenStack 3 for RHEL 6 | qemu-kvm-rhev | Fixed | RHBA-2014:0363 | 03.04.2014 |
| OpenStack 3 for RHEL 6 | openstack-nova | Fixed | RHSA-2014:0112 | 30.01.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo bef ...
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
EPSS
5.1 Medium
CVSS2