Skip to main content

DEPRECATED: Code

CVE-2015-1852

Severity Medium
Score 4.3/10

Summary

The s3_token middleware in OpenStack keystonemiddleware before 1.5.1 excluding version 1.3.2 and python-keystoneclient before 1.3.1 excluding version 1.1.1 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

  • MEDIUM
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-17 - DEPRECATED: Code

This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Advisory Timeline

  • Published