PT-2014-3138 · Openstack+2 · Openstack Oslo+2

Juanfra

Published

2014-02-01

Updated

2014-06-21

CVE-2013-6491

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Oslo versions prior to 2013.2

Description The issue concerns the python-qpid client in OpenStack Oslo, where SSL connections are not enforced when the qpid protocol is set to ssl. This allows remote attackers to obtain sensitive information by sniffing the network.

Recommendations For versions prior to 2013.2, update to version 2013.2 or later to resolve the issue. As a temporary workaround, consider configuring the qpid protocol to use a secure connection method. Restrict access to sensitive information until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2013-6491

RHSA-2014:0112

USN-2208-1

USN-2208-2

USN-2247-1

Affected Products

Openstack Oslo

Ubuntu

Python-Qpid

PT-2014-3138 · Openstack+2 · Openstack Oslo+2

CVE-2013-6491

Weakness Enumeration

Related Identifiers

Affected Products

References · 30