Libcloud SSL Certificates Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Libcloud and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. Impact Level: Application

Solution

Upgrade to libcloud version 0.4.1 or later For updates refer to http://libcloud.apache.org/

Insight

The flaw is due to improper verification of SSL certificates for HTTPS connections.

Affected

libcloud version prior to 0.4.1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
http://wiki.apache.org/incubator/LibcloudSSL
https://issues.apache.org/jira/browse/LIBCLOUD-55

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4340

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
Apache Tomcat Multiple Vulnerabilities - 02 Mar14
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities