CVE-2013-4111

Currently unrated

Key Information:

Vendor: Openstack
Status: Python Glanceclient; Opensuse
Vendor: CVE Published:; 28 August 2013

Summary

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

http://secunia.com/advisories/54525

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/54313

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-2004-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 28, 2013
Vulnerability Reserved
Jun 12, 2013