CVE-2013-6491

Openstack Oslo < 2013 - Cryptographic Issue

Title source: rule

Description

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0112.html

[Issue Tracking] https://bugs.launchpad.net/oslo/+bug/1158807

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2247-1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=996766

Scores

EPSS 0.0039

EPSS Percentile 59.6%

Classification

CWE

CWE-310

Status draft

Affected Products (2)

openstack/oslo < 2013

redhat/openstack

Timeline

Published Feb 02, 2014

Tracked Since Feb 18, 2026