
HP Helion Eucalyptus Multiple Vulnerabilities (CVE-2014-3577, CVE-2016-8520)

Severity
CVSSv3 Score: 8.8
Vulnerability description

HP Helion Eucalyptus is prone to multiple vulnerabilities.

Risk description

HP Helion Eucalyptus is prone to multiple vulnerabilities:

- A version of the Apache httpclient library shipped with Eucalyptus does not correctly validate the server hostname when checking X.509 certificates. This vulnerability can allow a man-in-the-middle attacker to spoof an SSL server and hijack a connection. (CVE-2014-3577)
- HP Helion Eucalyptus does not correctly check IAM users' permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. (CVE-2016-8520)

An attacker may hijack a connection, or an authenticated user may access versioned data.

Recommendation

Update to version 4.3.1.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 21, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available