Back to search
CVE-2014-0161
Published: Jan 2, 2020
Modified: Aug 6, 2024
PUBLISHED
Description
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.
| Vendor | Product | Versions |
|---|---|---|
ovirt-engine-sdk-python | ovirt-engine-sdk-python | affected before 3.4.0.7 and 3.5.0.4 |
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-0161
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now