CVE-2017-2639 – CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA

https://notcve.org/view.php?id=CVE-2017-2639

31 May 2017 — It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms. Se ha detectado que CloudForms no verifica que el nombre de host del servidor coincida con el nombre de dominio en el certificado cuando se utiliza una CA personalizada y se comunic... • http://www.securityfocus.com/bid/98769 • CWE-295: Improper Certificate Validation •