CVE-2012-3533

Sažetak

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

Reference

http://gerrit.ovirt.org/#/c/7209/
http://gerrit.ovirt.org/#/c/7249/
http://secunia.com/advisories/50409
http://www.openwall.com/lists/oss-security/2012/08/24/6
http://www.openwall.com/lists/oss-security/2012/08/26/1
http://www.securityfocus.com/bid/55208
https://bugzilla.redhat.com/show_bug.cgi?id=851672
https://exchange.xforce.ibmcloud.com/vulnerabilities/77984

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

31-08-2012 - 20:55