CVE-2014-7144

Published: 02/10/2014 Updated: 28/11/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x prior to 0.11.0 and 1.x prior to 1.2.0 disables TLS certificate verification whenever the "insecure" option is present in a paste configuration (paste.ini) file, regardless of the option's value (so "insecure = false" still disables verification), which allows remote malicious users to conduct man-in-the-middle attacks via a crafted certificate.
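The defect class described above (a boolean option treated as "on" because the key exists, not because its value is true) is easy to reproduce and to audit for. The following is an added example, not keystonemiddleware's or python-keystoneclient's own code: the paste.ini fragments, the section name, and the function names are constructed for illustration. It contrasts a presence-only check with a parser that honours the configured value, and shows how to audit an existing configuration for the mismatch.

```python
import configparser

# Constructed paste.ini-style fragments (hypothetical section and values,
# not taken from the page or from the project).
CONF_INSECURE_FALSE = """
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = https://keystone.example.internal:5000
insecure = false
"""

CONF_INSECURE_TRUE = """
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = https://keystone.example.internal:5000
insecure = true
"""

CONF_NO_OPTION = """
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = https://keystone.example.internal:5000
"""

TRUE_STRINGS = {"1", "true", "yes", "on", "t", "y"}
FALSE_STRINGS = {"0", "false", "no", "off", "f", "n"}


def load_filter_options(text, section="filter:authtoken"):
    """Parse an ini-style text and return the options of one section as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser.items(section)) if parser.has_section(section) else {}


def verify_certs_vulnerable(opts):
    """Presence-only check: mirrors the defect class in the advisory.

    Any string, including "false" or "0", is truthy in Python, so merely
    setting the key turns certificate verification off.
    """
    return not bool(opts.get("insecure"))


def parse_bool(value, default=False):
    """Strict boolean parsing; unknown spellings are an error, not a guess."""
    if value is None:
        return default
    normalized = value.strip().lower()
    if normalized in TRUE_STRINGS:
        return True
    if normalized in FALSE_STRINGS:
        return False
    raise ValueError(f"not a boolean value: {value!r}")


def verify_certs_fixed(opts):
    """Value-aware check: verification stays on unless insecure is truly true."""
    return not parse_bool(opts.get("insecure"), default=False)


def audit_config(text):
    """Report whether a config would be misread by a presence-only parser.

    Returns (verify_under_bug, verify_under_fix, mismatch). A mismatch means
    the file contains "insecure = <false-ish>", which the vulnerable versions
    treat as "insecure = true".
    """
    opts = load_filter_options(text)
    bug = verify_certs_vulnerable(opts)
    fix = verify_certs_fixed(opts)
    return bug, fix, bug != fix


if __name__ == "__main__":
    for name, text in [("insecure=false", CONF_INSECURE_FALSE),
                       ("insecure=true", CONF_INSECURE_TRUE),
                       ("option absent", CONF_NO_OPTION)]:
        bug, fix, mismatch = audit_config(text)
        print(f"{name:15} verify(bug)={bug!s:5} verify(fix)={fix!s:5} mismatch={mismatch}")
```

Run as a script it prints one line per fragment; the only mismatch is the "insecure = false" case, which is exactly the configuration the advisory warns about: an operator who believes verification is enabled is actually running without it. The same `audit_config` can be pointed at a real paste.ini to confirm the deployment does not rely on an explicit false value being honoured.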

Vulnerable Products

openstack keystonemiddleware 1.0.0

openstack keystonemiddleware 1.1.0

openstack keystonemiddleware 1.1.1

openstack python-keystoneclient

Vendor Advisories

Synopsis: Moderate: python-keystoneclient security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate s ...

Debian Bug report logs - #762748 [CVE-2014-7144] TLS cert verification option not honoured in paste configs. Package: python-keystonemiddleware; Maintainer for python-keystonemiddleware is Debian OpenStack <team+openstack@tracker.debian.org>; Source for python-keystonemiddleware is src:python-keystonemiddleware (PTS, buildd, popcon) ...

Keystone could be made to expose sensitive information over the network ...