Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: IBM SmartCloud Orchestrator - OpenStack Compute SSL information disclosure (CVE-2013-6491) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
An attacker could exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. CVE(s): CVE-2013-6491 Affected product(s) and affected version(s): SmartCloud Orchestrator 2.3, 2.3 FixPack 1, 2.2, 2.2 FixPack 1 Refer to the More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_openstack_compute_ssl_information_disclosure_cve_2013_6491?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2013-6491 ,CVE-2014-4615 ,CVE-2014-4749 ,CVE-2014-0224 ,CVE-2014-0453 and CVE-2014-2828. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-08-21 |