Vulnerability Description
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovirt | Ovirt | 3.1 |
| Ovirt | Ovirt-Engine-Cli | <= 3.1.0.5 |
| Ovirt-Engine-Sdk | 3.1.0.5 | All versions |
Related Weaknesses (CWE)
References
- http://gerrit.ovirt.org/#/c/7209/
- http://gerrit.ovirt.org/#/c/7249/
- http://secunia.com/advisories/50409Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/08/24/6
- http://www.openwall.com/lists/oss-security/2012/08/26/1
- http://www.securityfocus.com/bid/55208
- https://bugzilla.redhat.com/show_bug.cgi?id=851672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77984
- http://gerrit.ovirt.org/#/c/7209/
- http://gerrit.ovirt.org/#/c/7249/
- http://secunia.com/advisories/50409Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/08/24/6
- http://www.openwall.com/lists/oss-security/2012/08/26/1
- http://www.securityfocus.com/bid/55208
- https://bugzilla.redhat.com/show_bug.cgi?id=851672
FAQ
What is CVE-2012-3533?
CVE-2012-3533 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-m...
How severe is CVE-2012-3533?
CVE-2012-3533 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3533?
Check the references section above for vendor advisories and patch information. Affected products include: Ovirt Ovirt, Ovirt Ovirt-Engine-Cli, Ovirt-Engine-Sdk 3.1.0.5.