Количество 2
Количество 2
CVE-2014-0161
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.
GHSA-wf9j-m9fv-92gq
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2014-0161 ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. | CVSS3: 5.9 | 0% Низкий | около 6 лет назад |
| GHSA-wf9j-m9fv-92gq ovirt-engine-sdk-python improper validation of hostname in x.509 certificate | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу