Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3908HistoryAug 12, 2015 - 2:59 p.m.
CVE-2015-3908
2015-08-1214:59:00
Debian Security Bug Tracker
security-tracker.debian.org
10
0.001 Low
EPSS
Percentile
48.2%
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ansible | <Â 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 11 | all | ansible | <Â 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 10 | all | ansible | <Â 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 999 | all | ansible | <Â 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 13 | all | ansible | <Â 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
Related
nessus
nessus
Fedora 22 : ansible-1.9.2-1.fc22 (2015-10797)
2015-07-06 00:00:00
openSUSE Security Update : ansible (openSUSE-2015-557)
2015-08-31 00:00:00
Fedora 21 : ansible-1.9.2-1.fc21 (2015-10807)
2015-07-06 00:00:00
github
github
mageia
mageia
Updated ansible package fixes security vulnerability
2015-07-29 00:01:59
osv
osv
PYSEC-2015-1
2015-08-12 14:59:00
Ansible does not verify that the server hostname matches a domain name in certificates
2018-10-10 17:23:51
ansible - security update
2019-09-16 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: ansible-1.9.2-1.fc22
2015-07-05 18:56:03
[SECURITY] Fedora 21 Update: ansible-1.9.2-1.fc21
2015-07-05 18:56:55
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0292)
2015-10-15 00:00:00
Fedora Update for ansible FEDORA-2015-10807
2015-10-30 00:00:00
Fedora Update for ansible FEDORA-2015-10797
2015-07-07 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2017-04-05 02:01:13
cve
cve
CVE-2015-3908
2015-08-12 14:59:00
ubuntucve
ubuntucve
CVE-2015-3908
2015-08-12 00:00:00
prion
prion
Code injection
2015-08-12 14:59:00
cvelist
cvelist
CVE-2015-3908
2015-08-12 14:00:00
freebsd
freebsd
ansible -- multiple vulnerabilities
2015-06-25 00:00:00
debian
debian
[SECURITY] [DLA 1923-1] ansible security update
2019-09-16 12:23:45