Lucene search
Veracode Vulnerability DatabaseVERACODE:11481HistoryJan 15, 2019 - 9:02 a.m.
Man-in-the-Middle (MitM) Attacks
2019-01-1509:02:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.003
Percentile
66.2%
keystonemiddleware is vulnerable to man-in-the-middle (MitM) attacks. When the insecure option is set in the paste.ini file, keystonemiddleware will always disable certificate verification, regardless of the variables value.
References
rhn.redhat.com/errata/RHSA-2014-1783.html
rhn.redhat.com/errata/RHSA-2014-1784.html
rhn.redhat.com/errata/RHSA-2015-0020.html
secunia.com/advisories/62709
www.openwall.com/lists/oss-security/2014/09/25/51
www.securityfocus.com/bid/69864
www.ubuntu.com/usn/USN-2705-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/python-keystoneclient/+bug/1353315
bugzilla.redhat.com/show_bug.cgi?id=1141933
rhn.redhat.com/errata/RHSA-2014-1783.html
Related
ubuntucve
ubuntucve
CVE-2014-7144
2014-10-02 00:00:00
CVE-2015-1852
2015-04-17 00:00:00
redhat
redhat
(RHSA-2015:0020) Moderate: python-keystoneclient security update
2015-01-08 00:00:00
(RHSA-2014:1783) Moderate: python-keystoneclient security and bug fix update
2014-11-03 08:25:29
(RHSA-2014:1784) Moderate: python-keystoneclient security and bug fix update
2014-11-03 08:27:17
nessus
nessus
RHEL 7 : python-keystoneclient (RHSA-2014:1784)
2024-04-27 00:00:00
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_7144_cryptographic_issues)
2015-01-19 00:00:00
Ubuntu 14.04 LTS : Keystone vulnerabilities (USN-2705-1)
2015-08-06 00:00:00
prion
prion
Code injection
2014-10-02 14:55:00
Design/Logic Flaw
2015-04-17 17:59:00
osv
osv
OpenStack keystonemiddleware does not verify certificate
2022-05-17 03:45:51
PYSEC-2014-71
2014-10-02 14:55:00
PYSEC-2014-26
2014-10-02 14:55:00
github
github
OpenStack keystonemiddleware does not verify certificate
2022-05-17 03:45:51
cve
cve
CVE-2014-7144
2014-10-02 14:55:04
CVE-2015-1852
2015-04-17 17:59:02
debiancve
debiancve
CVE-2014-7144
2014-10-02 14:55:04
CVE-2015-1852
2015-04-17 17:59:02
cvelist
cvelist
CVE-2014-7144
2014-10-02 14:00:00
CVE-2015-1852
2015-04-17 17:00:00
nvd
nvd
CVE-2014-7144
2014-10-02 14:55:04
CVE-2015-1852
2015-04-17 17:59:02
openvas
openvas
Ubuntu: Security Advisory (USN-2705-1)
2015-08-06 00:00:00
ubuntu
ubuntu
Keystone vulnerabilities
2015-08-06 00:00:00
securityvulns
securityvulns
[USN-2705-1] Keystone vulnerabilities
2015-08-24 00:00:00
OpenStack Keystone restrictions bypass
2015-08-24 00:00:00