CVE-2014-0161
https://notcve.org/view.php?id=CVE-2014-0161
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. ovirt-engine-sdk-python versiones anteriores a la versión 3.4.0.7 y 3.5.0.4, no comprueba que el nombre de host del endpoint remoto coincida con el Common Name (CN) o subjectAltName según lo especificado por su certificado x.509 en una sesión TLS/SSL. Esto podría permitir a atacantes de tipo man-in-the-middle falsificar endpoints remotos por medio de un certificado válido arbitrario. • https://access.redhat.com/security/cve/cve-2014-0161 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161 • CWE-295: Improper Certificate Validation •
CVE-2012-3533
https://notcve.org/view.php?id=CVE-2012-3533
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. El SDK de Python antes de v3.1.0.6 y v3.1.0.8 y CLI antes de v3.1.0.8 para oVirt v3.1 no comprueban el certificado SSL de servidor contra las claves de cliente, lo que permite a atacantes remotos falsificar un servidor a través de un ataque man-in-the-middle (MITM). • http://gerrit.ovirt.org/#/c/7209 http://gerrit.ovirt.org/#/c/7249 http://secunia.com/advisories/50409 http://www.openwall.com/lists/oss-security/2012/08/24/6 http://www.openwall.com/lists/oss-security/2012/08/26/1 http://www.securityfocus.com/bid/55208 https://bugzilla.redhat.com/show_bug.cgi?id=851672 https://exchange.xforce.ibmcloud.com/vulnerabilities/77984 • CWE-310: Cryptographic Issues •