Published: 02/02/2014 Updated: 21/06/2014

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openstack 3.0
openstack oslo

Synopsis Moderate: openstack-nova security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated openstack-nova packages that fix two security issues and three bugsare now available for Red Hat Enterprise Linux OpenStack Platform 30The Red Hat Security Response Team has rated this upd ...

OpenStack Quantum could be made to expose sensitive information over the network ...

OpenStack Cinder could be made to expose sensitive information over the network ...

Several security issues were fixed in OpenStack Nova ...

CWE-310 https://bugzilla.redhat.com/show_bug.cgi?id=996766 https://bugs.launchpad.net/oslo/+bug/1158807 http://rhn.redhat.com/errata/RHSA-2014-0112.html http://www.ubuntu.com/usn/USN-2247-1 https://access.redhat.com/errata/RHSA-2014:0112 https://nvd.nist.gov https://usn.ubuntu.com/2208-2/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6491

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect