Vulnerabilities > CVE-2014-7968 - Cryptographic Issues vulnerability in Redhat Virtual Desktop Service Manager

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2014-10-22

Updated: 2014-10-23

Summary

VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Virtual Desktop Service Manager -	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Redhat

rpms

vdsm-0:4.14.18-4.el6ev
vdsm-0:4.14.18-4.el7ev
vdsm-api-0:4.14.18-4.el7ev
vdsm-bootstrap-0:4.14.18-4.el6ev
vdsm-bootstrap-0:4.14.18-4.el7ev
vdsm-cli-0:4.14.18-4.el6ev
vdsm-cli-0:4.14.18-4.el7ev
vdsm-debuginfo-0:4.14.18-4.el6ev
vdsm-debuginfo-0:4.14.18-4.el7ev
vdsm-hook-openstacknet-0:4.14.18-4.el7ev
vdsm-hook-vhostmd-0:4.14.18-4.el6ev
vdsm-hook-vhostmd-0:4.14.18-4.el7ev
vdsm-jsonrpc-0:4.14.18-4.el7ev
vdsm-python-0:4.14.18-4.el6ev
vdsm-python-0:4.14.18-4.el7ev
vdsm-python-zombiereaper-0:4.14.18-4.el6ev
vdsm-python-zombiereaper-0:4.14.18-4.el7ev
vdsm-reg-0:4.14.18-4.el6ev
vdsm-reg-0:4.14.18-4.el7ev
vdsm-xmlrpc-0:4.14.18-4.el6ev
vdsm-xmlrpc-0:4.14.18-4.el7ev
vdsm-yajsonrpc-0:4.14.18-4.el7ev

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.