2 matches found
CVE-2013-2255
OpenStack CVE-2013-2255 affects HTTPSConnections in Keystone (2013) and OpenStack Compute (2013.1), and possibly other OpenStack components. Root cause: server-side SSL certificate validation is not performed, allowing potential impersonation or man-in-the-middle scenarios where untrusted certifi...
OpenStack多个产品SSL证书校验漏洞(CVE-2013-2255)
CVE ID:CVE-2013-2255 OpenStack Computer提供给一个组织云的工具,其中的功能包括运行虚拟机实例, 管理网络以及通过用户和项目来控制对云的访问OpenStack keystone是openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint OpenStack Computer/keystone在连接服务器时没有校验所提供的SSL证书的合法性,允许远程攻击者利用漏洞伪造合法服务器,进行中间人等攻击 0 OpenStack Compute Nova 2013.x OpenStack Keystone 2013.x 厂商解决...