Home > Vulnerability Database > CVE-2015-5263

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-5263

Date: September 25, 2017

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

Language: Python

Severity Score

8.1

Related Resources (6)

Url: http://www.openwall.com/lists/oss-security/2015/09/24/4

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-5263

Url: http://cve.killedkenny.io/cve/CVE-2015-5263

Url: https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103

Url: https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754

Url: https://www.mend.io/vulnerability-database/CVE-2015-5263

Severity Score

8.1

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us