Lucene search
RedhatCVELIST:CVE-2012-0861HistoryJan 04, 2013 - 10:00 p.m.
CVE-2012-0861
2013-01-0422:00:00
redhat
www.cve.org
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
Related
cve
cve
CVE-2012-0861
2013-01-04 22:55:01
prion
prion
Code injection
2013-01-04 22:55:00
nvd
nvd
CVE-2012-0861
2013-01-04 22:55:01
redhat
redhat
(RHSA-2012:1505) Important: rhev-hypervisor6 security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2012:1508) Important: rhev-3.1.0 vdsm security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2012:1506) Important: Red Hat Enterprise Virtualization Manager 3.1
2012-12-04 00:00:00
nessus
nessus
RHEL 6 : rhev-3.1.0 vdsm (RHSA-2012:1508)
2014-11-08 00:00:00
RHEL 6 : rhev-hypervisor6 (RHSA-2012:1505)
2014-11-08 00:00:00
RHEL 6 : Virtualization Manager (RHSA-2012:1506)
2014-11-08 00:00:00