5 matches found
RHEL 6 : Virtualization Manager (RHSA-2015:0158)
Red Hat Enterprise Virtualization Manager 3.5.0 is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links...
CVE-2014-0151
Cross-site request forgery CSRF vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request...
CVE-2014-0151
The CVE-2014-0151 CSRF flaw affects oVirt Engine prior to 3.5.0 beta2, enabling a remote attacker to hijack a legitimate user’s session by crafting a page that triggers REST API actions. Root cause is a CSRF vulnerability in the oVirt REST API, with the trusted session reused for unintended reque...
Important: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager 3.5.0
Red Hat Enterprise Virtualization Manager 3.5.0 is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links...
oVirt会话固定漏洞
CVE ID:CVE-2014-0151 oVirt是一个虚拟化平台,一个易于使用的Web界面。 处理会话时的错误可被攻击者利用,通过欺骗用户登录特制链后,劫持其他用户的会话。 0 oVirt 3.x 目前没有详细解决方案: http://www.ovirt.org/Home...