CVE-2017-2639
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | CloudForms | n/a | affected |
Weaknesses
- CWE-295: CWE-295
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/98769
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639
- https://access.redhat.com/errata/RHSA-2017:1367
- http://www.securitytracker.com/id/1038599
References
- http://www.securityfocus.com/bid/98769
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639
- https://access.redhat.com/errata/RHSA-2017:1367
- http://www.securitytracker.com/id/1038599
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.