5.9

CVE-2013-2255

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackCompute Version2013.1
OpenstackKeystone Version2013
RedhatOpenstack Version3.0
RedhatOpenstack Version4.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.569
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://access.redhat.com/security/cve/cve-2013-2255
Vendor Advisory
https://bugs.launchpad.net/ossn/+bug/1188189
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
Vendor Advisory
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
Third Party Advisory
VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-2255
Third Party Advisory
https://www.securityfocus.com/bid/61118
Third Party Advisory
VDB Entry