CVE-2011-4076 - Vulnerability Details

Vendors	Products
Openstack	Nova

Link	Providers
https://access.redhat.com/security/cve/cve-2011-4076
https://bugs.launchpad.net/nova/+bug/868360
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
https://security-tracker.debian.org/tracker/CVE-2011-4076
https://www.openwall.com/lists/oss-security/2011/10/25/4

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "nova", "vendor": "nova", "versions": [{"status": "affected", "version": "2014.1.3-11"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-26T03:53:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4076"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-4076"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/nova/+bug/868360"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2011/10/25/4"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.881Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-4076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/nova/+bug/868360"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2011/10/25/4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4076", "datePublished": "2019-11-26T03:53:58", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-06T23:53:32.881Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : nova (string)

vendor : nova (string)

versions : [ »

0 : { »

status : affected (string)

version : 2014.1.3-11 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Other (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-11-26T03:53:58 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://security-tracker.debian.org/tracker/CVE-2011-4076 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://access.redhat.com/security/cve/cve-2011-4076 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugs.launchpad.net/nova/+bug/868360 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.openwall.com/lists/oss-security/2011/10/25/4 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T23:53:32.881Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://security-tracker.debian.org/tracker/CVE-2011-4076 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://access.redhat.com/security/cve/cve-2011-4076 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugs.launchpad.net/nova/+bug/868360 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.openwall.com/lists/oss-security/2011/10/25/4 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2011-4076 (string)

datePublished : 2019-11-26T03:53:58 (string)

dateReserved : 2011-10-18T00:00:00 (string)

dateUpdated : 2024-08-06T23:53:32.881Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A9AC825-A3CA-48E5-A181-2F41D3E1E350", "versionEndExcluding": "2012.1", "versionStartIncluding": "2010.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY."}, {"lang": "es", "value": "OpenStack Nova versiones anteriores a 2012.1, permite a alguien con acceso a una EC2_ACCESS_KEY (equivalente a un nombre de usuario) obtener la EC2_SECRET_KEY (equivalente a una contrase\u00f1a). Exponer el EC2_ACCESS_KEY por medio de http o herramientas que permiten ataques de tipo man-in-the-middle sobre https podr\u00eda permitir a un atacante obtener f\u00e1cilmente el EC2_SECRET_KEY. Un atacante tambi\u00e9n podr\u00eda presumir valores por fuerza bruta para EC2_ACCESS_KEY."}], "id": "CVE-2011-4076", "lastModified": "2024-11-21T01:31:47.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-26T04:15:11.137", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4076"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/nova/+bug/868360"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4076"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2011/10/25/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/nova/+bug/868360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2011/10/25/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A9AC825-A3CA-48E5-A181-2F41D3E1E350 (string)

versionEndExcluding : 2012.1 (string)

versionStartIncluding : 2010.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. (string)

}

1 : { »

lang : es (string)

value : OpenStack Nova versiones anteriores a 2012.1, permite a alguien con acceso a una EC2_ACCESS_KEY (equivalente a un nombre de usuario) obtener la EC2_SECRET_KEY (equivalente a una contraseña). Exponer el EC2_ACCESS_KEY por medio de http o herramientas que permiten ataques de tipo man-in-the-middle sobre https podría permitir a un atacante obtener fácilmente el EC2_SECRET_KEY. Un atacante también podría presumir valores por fuerza bruta para EC2_ACCESS_KEY. (string)

}

]

id : CVE-2011-4076 (string)

lastModified : 2024-11-21T01:31:47.983 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-11-26T04:15:11.137 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/security/cve/cve-2011-4076 (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Patch (string)

3 : Third Party Advisory (string)

]

url : https://bugs.launchpad.net/nova/+bug/868360 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://security-tracker.debian.org/tracker/CVE-2011-4076 (string)

}

4 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://www.openwall.com/lists/oss-security/2011/10/25/4 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/security/cve/cve-2011-4076 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Patch (string)

3 : Third Party Advisory (string)

]

url : https://bugs.launchpad.net/nova/+bug/868360 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://security-tracker.debian.org/tracker/CVE-2011-4076 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://www.openwall.com/lists/oss-security/2011/10/25/4 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object