CVE-2014-7202

Опубликовано: 20 сент. 2014

Источник: redhat

CVSS2: 5.8

Описание

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

Отчет

This issue did not affect the versions of zeromq as shipped with Inktank Ceph Enterprise 1.2 and 1.3.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Web Server 1	ice-1.2	Not affected
Red Hat JBoss Enterprise Web Server 1	ice-1.3	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1147311zeromq: stream engine security can be downgraded by client.

5.8 Medium

CVSS2

Связанные уязвимости

CVE-2014-7202

ubuntu

больше 11 лет назад

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

CVE-2014-7202

nvd

больше 11 лет назад

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

CVE-2014-7202

debian

больше 11 лет назад

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allow ...

GHSA-4jwc-wmvr-fwp2

github

больше 3 лет назад

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

5.8 Medium

CVSS2