Libcloud SSL Certificates Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Libcloud and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. Impact Level: Application

Solution

Upgrade to libcloud version 0.4.1 or later For updates refer to http://libcloud.apache.org/

Insight

The flaw is due to improper verification of SSL certificates for HTTPS connections.

Affected

libcloud version prior to 0.4.1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
http://wiki.apache.org/incubator/LibcloudSSL
https://issues.apache.org/jira/browse/LIBCLOUD-55

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4340

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)

Take action and discover your vulnerabilities