IBM Security Bulletin: IBM SmartCloud Orchestrator - OpenStack Compute SSL information disclosure (CVE-2013-6491)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirttivoli psirtmedium
0 Comments | 454 Visits
An attacker could exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
SmartCloud Orchestrator 2.3, 2.3 FixPack 1, 2.2, 2.2 FixPack 1