CVE-2013-2255 - OpenCVE

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openstack
Debian	Debian Linux
Openstack	Compute Keystone

Configuration 1 [-]

OR	cpe:2.3:a:openstack:compute:2013.1:::::::*
	cpe:2.3:a:openstack:keystone:2013:::::::*
	cpe:2.3:a:redhat:openstack:3.0:::::::*
	cpe:2.3:a:redhat:openstack:4.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

References

Link	Resource
https://access.redhat.com/security/cve/cve-2013-2255	Vendor Advisory
https://bugs.launchpad.net/ossn/+bug/1188189	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255	Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255	Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85562	Third Party Advisory VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-2255	Third Party Advisory
https://www.securityfocus.com/bid/61118	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-01T18:38:01

Updated: 2019-11-01T18:38:01

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2255

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-01T19:15:10.963

Modified: 2019-11-07T19:38:40.460

Link: CVE-2013-2255

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DE1DE9A-0D08-448B-AF80-7ACA236F2A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*", "matchCriteriaId": "F9DCDA4F-C2CA-4BB6-88B1-8FA4F2D8D0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates."}, {"lang": "es", "value": "HTTPSConnections en OpenStack Keystone versi\u00f3n 2013, OpenStack Compute versi\u00f3n 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor."}], "id": "CVE-2013-2255", "lastModified": "2019-11-07T19:38:40.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-01T19:15:10.963", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2013-2255"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ossn/+bug/1188189"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85562"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2255"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.securityfocus.com/bid/61118"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}