Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-1843

Published: 06/04/2015 Updated: 26/07/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Docker

Vulnerability Summary

The Red Hat docker package prior to 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle malicious users to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat docker

Vendor Advisories

Red Hat: CVE-2015-1843
It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry ...

References

CWE-20http://rhn.redhat.com/errata/RHSA-2015-0776.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1206443http://www.securityfocus.com/bid/73936https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1843
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook