The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
History
13 Feb 2023, 00:23
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. |
02 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2012-0861 rhev: vds_installer is prone to MITM when downloading 2nd stage installer | |
References | | |
Information
Published : 2013-01-04 22:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-0861
Mitre link : CVE-2012-0861
CVE.ORG link : CVE-2012-0861
Products Affected
redhat
- enterprise_virtualization_manager
CWE
CWE-310
Cryptographic Issues