CVE-2014-3706

Опубликовано: 20 фев. 2015

Источник: redhat

CVSS2: 5.8

EPSS Низкий

Описание

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

Отчет

This issue affects the versions of ovirt-engine as shipped with Red Hat MRG 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Virtualization 3	ovirt-engine-backend	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-295

https://bugzilla.redhat.com/show_bug.cgi?id=1154977ovirt-engine: connection does not validate certificate attributes.

EPSS

Процентиль: 44%

0.0022

Низкий

5.8 Medium

CVSS2

Связанные уязвимости

CVE-2014-3706

CVSS3: 5.9

nvd

больше 8 лет назад

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

GHSA-g7pg-wj9c-h3j9

CVSS3: 5.9

github

больше 3 лет назад

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

EPSS

Процентиль: 44%

0.0022

Низкий

5.8 Medium

CVSS2