CVE-2017-1000256

Опубликовано: 31 окт. 2017

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.1

Описание

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

Релиз	Статус	Примечание
artful	released	3.6.0-1ubuntu6.3
devel	not-affected	4.0.0-1ubuntu2
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/xenial	not-affected	code not present
precise/esm	not-affected	code not present
trusty	not-affected	code not present
trusty/esm	not-affected	code not present
upstream	released	3.8.0-3
vivid/ubuntu-core	DNE
xenial	not-affected	code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 61%

0.00425

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-1000256

CVSS3: 5

redhat

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

CVE-2017-1000256

CVSS3: 8.1

nvd

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

CVE-2017-1000256

CVSS3: 8.1

msrc

почти 5 лет назад

Описание отсутствует

CVE-2017-1000256

CVSS3: 8.1

debian

больше 7 лет назад

libvirt version 2.3.0 and later is vulnerable to a bad default configu ...

openSUSE-SU-2017:2878-1

suse-cvrf

больше 7 лет назад

Security update for libvirt

EPSS

Процентиль: 61%

0.00425

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

CVE-2017-1000256

Описание

Пакет libvirt

Ссылки на источники

Связанные уязвимости