Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2639

Опубликовано: 31 мая 2017
Источник: redhat
CVSS3: 6.5
CVSS2: 7.1

Описание

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1429632CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA

6.5 Medium

CVSS3

7.1 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2017-2639

CVSS3: 6.5
nvd
больше 7 лет назад

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

github логотип

GHSA-gmm6-vqjm-5p45

CVSS3: 7.5
github
больше 3 лет назад

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

6.5 Medium

CVSS3

7.1 High

CVSS2