HP Helion Eucalyptus Multiple Vulnerabilities CVE-2014-3577CVE-2016-8520
- CVSSv3 Score
- Vulnerability description
HP Helion Eucalyptus is prone to multiple vulnerabilities.
- Risk description
HP Helion Eucalyptus is prone to multiple vulnerabilities: - A version of Apache httpclient library shipped with Eucalyptus does not correctly validates server hostname when checking X.509 certificates. This vulnerability can allow a man-in-the-middle attack to spoof an SSL server and hijack a connection. (CVE-2014-3577) - HP Helion Eucalyptus does not correctly check IAM users permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. (CVE-2016-8520) An attacker may hijack a connection or an authenticated user may access versioned data.
Update to version 4.3.1
- Not available