CVE-2014-7144

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-7144
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2014-1783.html
http://rhn.redhat.com/errata/RHSA-2014-1784.html
http://rhn.redhat.com/errata/RHSA-2015-0020.html
http://secunia.com/advisories/62709
http://www.openwall.com/lists/oss-security/2014/09/25/51 Patch
http://www.securityfocus.com/bid/69864
http://www.ubuntu.com/usn/USN-2705-1
https://bugs.launchpad.net/python-keystoneclient/+bug/1353315 Patch
http://rhn.redhat.com/errata/RHSA-2014-1783.html
http://rhn.redhat.com/errata/RHSA-2014-1784.html
http://rhn.redhat.com/errata/RHSA-2015-0020.html
http://secunia.com/advisories/62709
http://www.openwall.com/lists/oss-security/2014/09/25/51 Patch
http://www.securityfocus.com/bid/69864
http://www.ubuntu.com/usn/USN-2705-1
https://bugs.launchpad.net/python-keystoneclient/+bug/1353315 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystonemiddleware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystonemiddleware:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:16

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2014-1783.html - () http://rhn.redhat.com/errata/RHSA-2014-1783.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1784.html - () http://rhn.redhat.com/errata/RHSA-2014-1784.html -
References () http://rhn.redhat.com/errata/RHSA-2015-0020.html - () http://rhn.redhat.com/errata/RHSA-2015-0020.html -
References () http://secunia.com/advisories/62709 - () http://secunia.com/advisories/62709 -
References () http://www.openwall.com/lists/oss-security/2014/09/25/51 - Patch () http://www.openwall.com/lists/oss-security/2014/09/25/51 - Patch
References () http://www.securityfocus.com/bid/69864 - () http://www.securityfocus.com/bid/69864 -
References () http://www.ubuntu.com/usn/USN-2705-1 - () http://www.ubuntu.com/usn/USN-2705-1 -
References () https://bugs.launchpad.net/python-keystoneclient/+bug/1353315 - Patch () https://bugs.launchpad.net/python-keystoneclient/+bug/1353315 - Patch
Information

Published : 2014-10-02 14:55

Updated : 2024-11-21 02:16

NVD link : CVE-2014-7144

Mitre link : CVE-2014-7144

CVE.ORG link : CVE-2014-7144

JSON object : View

Products Affected

openstack

  • keystonemiddleware
  • python-keystoneclient
CWE
CWE-310

Cryptographic Issues


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024