Preverify_ok Value Incorrectly Checked

2019-01-1508:58:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

python-glanceclient is vulnerable to man-in-the-middle (MitM) attacks. This vulnerability is due to the fact that the preverify_ok value is not correctly checked. This prevents the hostname from being validated with a domain name in the Common Name or SubjectAltName field of the X.509 certificate, allowing malicious users to perform man-in-the-middle attacks through an arbitrary valid certificate.

CPENameOperatorVersion
python-glanceclienteq0.8.0__4.el6ost
python-glanceclienteq0.5.1__1.el6
python-glanceclienteq0.9.0__1.el6ost
python-glanceclienteq0.8.0__3.el6ost
python-glanceclienteq0.5.1__2.el6ost
python-glanceclienteq0.8.0__4.el6ost
python-glanceclienteq0.5.1__1.el6
python-glanceclienteq0.9.0__1.el6ost
python-glanceclienteq0.8.0__3.el6ost
python-glanceclienteq0.5.1__2.el6ost

Name	Operator	Version
python-glanceclient	eq	0.8.0__4.el6ost
python-glanceclient	eq	0.5.1__1.el6
python-glanceclient	eq	0.9.0__1.el6ost
python-glanceclient	eq	0.8.0__3.el6ost
python-glanceclient	eq	0.5.1__2.el6ost
python-glanceclient	eq	0.8.0__4.el6ost
python-glanceclient	eq	0.5.1__1.el6
python-glanceclient	eq	0.9.0__1.el6ost
python-glanceclient	eq	0.8.0__3.el6ost
python-glanceclient	eq	0.5.1__2.el6ost