Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3908HistoryAug 12, 2015 - 2:59 p.m.
CVE-2015-3908
2015-08-1214:59:21
Debian Security Bug Tracker
security-tracker.debian.org
12
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.6%
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ansible | < 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 11 | all | ansible | < 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 999 | all | ansible | < 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
| Debian | 13 | all | ansible | < 1.9.2+dfsg-1 | ansible_1.9.2+dfsg-1_all.deb |
Related
nessus
nessus
Fedora 22 : ansible-1.9.2-1.fc22 (2015-10797)
2015-07-06 00:00:00
openSUSE Security Update : ansible (openSUSE-2015-508)
2015-07-27 00:00:00
Fedora 21 : ansible-1.9.2-1.fc21 (2015-10807)
2015-07-06 00:00:00
mageia
mageia
Updated ansible package fixes security vulnerability
2015-07-29 00:01:59
github
github
nvd
nvd
CVE-2015-3908
2015-08-12 14:59:21
ubuntucve
ubuntucve
CVE-2015-3908
2015-08-12 00:00:00
cve
cve
CVE-2015-3908
2015-08-12 14:59:21
veracode
veracode
Man-in-the-Middle (MitM)
2017-04-05 02:01:13
openvas
openvas
Fedora Update for ansible FEDORA-2015-10797
2015-07-07 00:00:00
Fedora Update for ansible FEDORA-2015-10807
2015-10-30 00:00:00
Mageia: Security Advisory (MGASA-2015-0292)
2015-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: ansible-1.9.2-1.fc22
2015-07-05 18:56:03
[SECURITY] Fedora 21 Update: ansible-1.9.2-1.fc21
2015-07-05 18:56:55
osv
osv
PYSEC-2015-1
2015-08-12 14:59:00
Ansible does not verify that the server hostname matches a domain name in certificates
2018-10-10 17:23:51
ansible - security update
2019-09-16 00:00:00
prion
prion
Code injection
2015-08-12 14:59:00
cvelist
cvelist
CVE-2015-3908
2015-08-12 14:00:00
freebsd
freebsd
ansible -- multiple vulnerabilities
2015-06-25 00:00:00
debian
debian
[SECURITY] [DLA 1923-1] ansible security update
2019-09-16 12:23:29
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.6%
Related for DEBIANCVE:CVE-2015-3908