The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-01-04T22:00:00

Updated: 2024-08-06T18:38:14.953Z

Reserved: 2012-01-19T00:00:00

Link: CVE-2012-0861

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-01-04T22:55:01.680

Modified: 2024-11-21T01:35:51.813

Link: CVE-2012-0861

cve-icon Redhat

Severity : Important

Publid Date: 2012-12-04T00:00:00Z

Links: CVE-2012-0861 - Bugzilla