CVE-2013-4111
Published Aug 28, 2013
Last updated 2 years ago
Overview
- Description
- The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.4.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96F8151E-BD04-4E21-AE47-4FDD58F105F4" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.4.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3436E5A2-D639-4482-8097-12722115AF04" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.4.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91697740-66F5-44FE-8DAD-3093260FFE9D" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.5.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B54B9CF-3758-4945-8CA3-B404338350E0" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.5.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BFB15D1-FD78-46F2-A123-E920D820A474" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.6.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16D71B16-A057-4804-9B7B-DDDCC1E16981" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D2902F2-DACD-4636-B853-007561D9B69A" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9788B2B7-214F-449C-94C8-4FF6D79586A5" },
          { "criteria": "cpe:2.3:a:openstack:python_glanceclient:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F0F8811-52DE-4644-8361-9638878FB40B" },
          { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668" }
        ],
        "operator": "OR"
      }
    ]
  }
]