History: Jan 24, 2014 - 12:00 a.m.

CVE-2013-6434

2014-01-24 00:00:00
ubuntu.com

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001
Percentile: 35.2%

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M)
before 3.3, when using a native SPICE client invocation method, initially
makes insecure connections to the SPICE server, which allows
man-in-the-middle attackers to spoof the SPICE server.

Notes

Author: Note
seth-arnold: Insufficient details were provided to determine where the fault is – the Red Hat update is to their rhevm package – so I’ve marked spice as the involved package until this can be researched further.
mdeslaur: possibly https://github.com/oVirt/ovirt-engine/commit/f39cf23b6fedc924d054e3178242388e52a3c7ed, likely rhevm specific
