CVE-2015-1852

Опубликовано: 17 апр. 2015

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

Описание

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

Релиз	Статус	Примечание
devel	not-affected	1:1.6.0-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [1:0.7.1-ubuntu1.2]]
lucid	DNE
precise	not-affected	code not present
trusty	released	1:0.7.1-ubuntu1.2
trusty/esm	DNE	trusty was released [1:0.7.1-ubuntu1.2]
upstream	needs-triage
utopic	ignored	end of life
vivid	released	1:1.2.0-0ubuntu1.1

Показывать по

Релиз	Статус	Примечание
devel	not-affected	1.5.0-0ubuntu1
esm-infra-legacy/trusty	DNE
lucid	DNE
precise	DNE
trusty	DNE
trusty/esm	DNE
upstream	needs-triage
utopic	ignored	end of life
vivid	released	1.5.0-0ubuntu1.1

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-1852

redhat

почти 11 лет назад

CVE-2015-1852

nvd

почти 11 лет назад

CVE-2015-1852

debian

почти 11 лет назад

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 a ...

SUSE-SU-2015:1602-1

suse-cvrf

больше 10 лет назад

Security update for python modules

SUSE-SU-2015:1208-1

suse-cvrf

больше 10 лет назад

Security update for python-keystoneclient

4.3 Medium

CVSS2

CVE-2015-1852

Описание

Пакет python-keystoneclient

Пакет python-keystonemiddleware

Ссылки на источники

Связанные уязвимости