Lucene search

K

[email protected]NVD:CVE-2014-7144

HistoryOct 02, 2014 - 2:55 p.m.

CVE-2014-7144

2014-10-0214:55:04

CWE-310

[email protected]

web.nvd.nist.gov

8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

66.2%

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the “insecure” option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

Affected configurations

Nvd

Node

openstackkeystonemiddlewareMatch1.0.0

OR

openstackkeystonemiddlewareMatch1.1.0

OR

openstackkeystonemiddlewareMatch1.1.1

OR

openstackpython-keystoneclientRange≤0.10.1

References

rhn.redhat.com/errata/RHSA-2014-1783.html

rhn.redhat.com/errata/RHSA-2014-1784.html

rhn.redhat.com/errata/RHSA-2015-0020.html

secunia.com/advisories/62709

www.openwall.com/lists/oss-security/2014/09/25/51

www.securityfocus.com/bid/69864

www.ubuntu.com/usn/USN-2705-1

bugs.launchpad.net/python-keystoneclient/+bug/1353315

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

66.2%

Related for NVD:CVE-2014-7144

ubuntucve2 redhat5 nessus3 prion2 veracode1 osv6 github2 cve2 debiancve2 cvelist2 openvas1 ubuntu1 nvd1 securityvulns2