Apache Libcloud does not verify SSL certificates for HTTPS connections

libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle MITM attack. This is due to an upstream issue with python's SSL module rather than directly with libclo...

openSUSE Security Update : python-apache-libcloud (openSUSE-SU-2014:0198-1)

Updated to 0.13.3 bnc857209, CVE-2013-6480 + Security fix release, for destroying nodes on digitalOcean 'datascrub' method is always invoked - Require python-setuptools instead of distribute upstreams merged - Updated to 0.13.2 - General : - Don't sent Content-Length: 0 header with POST and PUT...

Apache Libcloud Digital Ocean API本地信息泄露漏洞

BUGTRAQ ID: 64617 CVECAN ID: CVE-2013-6480 libcloud 是用Python开发的访问云计算服务的统一接口。 Apache Libcloud 0.12.3-0.13.2版本销毁DigitalOcean节点时，没有发送scrubdata query参数，这可使本地攻击者利用此漏洞获取敏感信息。 0 Apache Group Libcloud 0.12.3 - 0.13.3 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Apache Libcloud Digital Ocean API - Local Information Disclosure

source: https://www.securityfocus.com/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Apache Libcloud versions 0.12.3 through 0.13.2 a...

Apache Libcloud Digital Ocean API - Local Information Disclosure

Apache Libcloud Digital Ocean API - Local Information Disclosure source: https://www.securityfocus.com/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to...

CVE-2012-3446

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...

Code injection

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...

PYSEC-2012-12

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...

CVE-2012-3446

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...

CVE-2012-3446

Apache Libcloud before 0.11.1 suffers from an incorrect regular expression in hostname verification against the X.509 certificate’s CN/subjectAltName, allowing MITM via crafted certificates. Affected versions: Libcloud prior to 0.11.1. Root cause: faulty domain name matching logic in SSL verifica...

PT-2012-4719 · Apache · Apache Libcloud

Name of the Vulnerable Software and Affected Versions: Apache Libcloud versions prior to 0.11.1 Description: The issue arises from an incorrect regular expression used during the verification process of whether the server hostname matches a domain name in the subject's Common Name CN or...

Apache Libcloud中间人信息泄露漏洞

BUGTRAQ ID: 54798 libcloud 是一个访问云计算服务的统一接口，该项目已经成为Apache 组织的顶级项目，采用Python 开发。 Apache Libcloud在实现上存在中间人漏洞，攻击者可利用此漏洞嗅探即时消息会话并获取敏感信息。 0 Apache Group Libcloud 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://httpd.apache.org/...