Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-1865
Last Modified 30 Nov 2013 11:27:23
Published 22 Mar 2013 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1865

Summary

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 12.10

Application

  • Openstack Folsom 2012.2


References

CONFIRM - https://review.openstack.org/#/c/24906/

CONFIRM - https://bugs.launchpad.net/keystone/+bug/1129713

UBUNTU - USN-1772-1

BID - 58616

MLIST - [oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)

SECUNIA - 52657

OSVDB - 91532

SUSE - openSUSE-SU-2013:0565

REDHAT - RHSA-2013:0708

FEDORA - FEDORA-2013-4590


Last Updated: 27 May 2016 10:44:50