Количество 7
Количество 7
CVE-2015-1852
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
CVE-2015-1852
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
CVE-2015-1852
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
CVE-2015-1852
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 a ...
SUSE-SU-2015:1602-1
Security update for python modules
SUSE-SU-2015:1208-1
Security update for python-keystoneclient
GHSA-p9wq-mjh8-q72m
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2015-1852 The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | CVSS2: 4.3 | 0% Низкий | почти 11 лет назад |
 | CVE-2015-1852 The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | CVSS2: 6.8 | 0% Низкий | почти 11 лет назад |
 | CVE-2015-1852 The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | CVSS2: 4.3 | 0% Низкий | почти 11 лет назад |
| CVE-2015-1852 The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 a ... | CVSS2: 4.3 | 0% Низкий | почти 11 лет назад |
 | SUSE-SU-2015:1602-1 Security update for python modules | 0% Низкий | больше 10 лет назад | |
| SUSE-SU-2015:1208-1 Security update for python-keystoneclient | 0% Низкий | больше 10 лет назад | |
| GHSA-p9wq-mjh8-q72m OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу