Vulnerability in Openstack Oslo

CVE-2013-6491

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.005 (64.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Oslo
Redhat Openstack — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
USN-2247-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2014:0112 (x_refsource_REDHAT, vendor-advisory)