9 vulnerabilities found for libcloud by apache
FKIE_CVE-2013-6480
Vulnerability from fkie_nvd - Published: 2014-01-07 18:55 - Updated: 2025-04-11 00:51
Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:P/I:N/A:N)
Summary
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:libcloud:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8F110F-AFFA-456E-A7C7-8F6D08BEA53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC50FE5-886C-4B1D-B0E4-9C0162B33CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9017DE0C-D528-4414-B490-B99509A12726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13AACA2B-74EC-4DC4-BE0E-06807E4C0892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "610F2077-8358-4CC3-A94F-5D420C2D5FBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM."
},
{
"lang": "es",
"value": "Libcloud versiones 0.12.3 hasta 0.13.2, no ajusta el par\u00e1metro scrub_data para la API destroy DigitalOcean, que permite a los usuarios locales obtener informaci\u00f3n confidencial mediante el aprovechamiento de una nueva m\u00e1quina virtual."
}
],
"id": "CVE-2013-6480",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-07T18:55:07.083",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/64617"
},
{
"source": "secalert@redhat.com",
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/fog/fog/issues/2525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/fog/fog/issues/2525"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3446
Vulnerability from fkie_nvd - Published: 2012-11-04 22:55 - Updated: 2025-04-11 00:51
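Severity: MEDIUM (CVSS v3.1 base score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N; CVSS v2.0 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N)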
Summary
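Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. Note: the CPE match in this record sets versionEndExcluding to 0.11.0, which leaves 0.11.0 itself outside the matched range even though the description places the fix in 0.11.1; when checking installed versions, compare against the description rather than relying on the CPE range alone.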
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:libcloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA84103-FCEF-4050-A42D-3CDFACD04B52",
"versionEndExcluding": "0.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
},
{
"lang": "es",
"value": "Apache Libcloud antes de v0.11.1 usa una expresi\u00f3n regular incorrecta durante la comprobaci\u00f3n de si el nombre del servidor coincide con un nombre de dominio en el nombre com\u00fan (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite falsificar servidores SSL a atacantes man-in-the-middle mediante un certificado v\u00e1lido de su elecci\u00f3n."
}
],
"id": "CVE-2012-3446",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-11-04T22:55:03.060",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4340
Vulnerability from fkie_nvd - Published: 2011-09-12 12:41 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:libcloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38B0947F-E9E0-4E8C-901D-FAB7A22B3A6A",
"versionEndIncluding": "0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711C1876-35C7-4153-B344-1D461E6BED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12AD59FE-8AD1-41C5-B9AC-F51EA7E07086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:libcloud:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15A06412-37E3-471A-B022-C1B8D3C5B7F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack."
},
{
"lang": "es",
"value": "Las versiones de Libcloud antes de la v0.4.1 no verifican los certificados SSL para conexiones HTTPS, lo que permite a atacantes remotos falsificar certificados y eludir las restricciones de acceso a trav\u00e9s de un ataque de hombre en el medio (MITM)."
}
],
"id": "CVE-2010-4340",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-12T12:41:27.473",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-6480 (GCVE-0-2013-6480)
Vulnerability from cvelistv5 – Published: 2014-01-07 18:00 – Updated: 2024-08-06 17:39
Summary
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fog/fog/issues/2525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "64617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fog/fog/issues/2525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64617"
},
{
"name": "http://libcloud.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"name": "https://digitalocean.com/blog_posts/transparency-regarding-data-security",
"refsource": "MISC",
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"name": "https://github.com/fog/fog/issues/2525",
"refsource": "MISC",
"url": "https://github.com/fog/fog/issues/2525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6480",
"datePublished": "2014-01-07T18:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3446 (GCVE-0-2012-3446)
Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 20:05
Summary
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-04T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3446",
"datePublished": "2012-11-04T22:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-08-06T20:05:12.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4340 (GCVE-0-2010-4340)
Vulnerability from cvelistv5 – Published: 2011-09-11 20:00 – Updated: 2024-09-17 01:35
Summary
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-11T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E"
},
{
"name": "http://wiki.apache.org/incubator/LibcloudSSL",
"refsource": "MISC",
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"name": "https://issues.apache.org/jira/browse/LIBCLOUD-55",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4340",
"datePublished": "2011-09-11T20:00:00Z",
"dateReserved": "2010-11-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:31.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6480 (GCVE-0-2013-6480)
Vulnerability from nvd – Published: 2014-01-07 18:00 – Updated: 2024-08-06 17:39
Summary
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fog/fog/issues/2525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "64617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fog/fog/issues/2525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64617"
},
{
"name": "http://libcloud.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://libcloud.apache.org/security.html"
},
{
"name": "20140101 [CVE-2013-6480] Libcloud doesn\u0027t send scrub_data query parameter when destroying a DigitalOcean node",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530624/100/0/threaded"
},
{
"name": "https://digitalocean.com/blog_posts/transparency-regarding-data-security",
"refsource": "MISC",
"url": "https://digitalocean.com/blog_posts/transparency-regarding-data-security"
},
{
"name": "openSUSE-SU-2014:0198",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"
},
{
"name": "https://github.com/fog/fog/issues/2525",
"refsource": "MISC",
"url": "https://github.com/fog/fog/issues/2525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6480",
"datePublished": "2014-01-07T18:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3446 (GCVE-0-2012-3446)
Vulnerability from nvd – Published: 2012-11-04 22:00 – Updated: 2024-08-06 20:05
Summary
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-04T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3446",
"datePublished": "2012-11-04T22:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-08-06T20:05:12.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4340 (GCVE-0-2010-4340)
Vulnerability from nvd – Published: 2011-09-11 20:00 – Updated: 2024-09-17 01:35
Summary
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner: redhat
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-11T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E"
},
{
"name": "http://wiki.apache.org/incubator/LibcloudSSL",
"refsource": "MISC",
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"name": "[libcloud] 20101108 SSL certs checking",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"name": "https://issues.apache.org/jira/browse/LIBCLOUD-55",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4340",
"datePublished": "2011-09-11T20:00:00Z",
"dateReserved": "2010-11-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:31.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}