Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:openstack:keystonemiddleware:1.4.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1852 |
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. Published: April 17, 2015; 1:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |