The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/65077 | |
http://www.securitytracker.com/id/1029653 | |
http://rhn.redhat.com/errata/RHSA-2014-0038.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-01-24 10:55
Updated : 2023-02-12 20:49
NVD link : CVE-2013-6434
Mitre link : CVE-2013-6434
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
redhat
- enterprise_virtualization_manager