Lucene search

Ubuntu.comUB:CVE-2015-4017

HistoryAug 25, 2017 - 12:00 a.m.

CVE-2015-4017

2017-08-2500:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

54.7%

JSON

Salt before 2014.7.6 does not verify certificates when connecting via the
aliyun, proxmox, and splunk modules.

Notes

Author	Note
sbeattie	vuln modules are only present in 2014.7.0 and later

References

www.openwall.com/lists/oss-security/2015/05/02/1

launchpad.net/bugs/cve/CVE-2015-4017

nvd.nist.gov/vuln/detail/CVE-2015-4017

security-tracker.debian.org/tracker/CVE-2015-4017

www.cve.org/CVERecord?id=CVE-2015-4017

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

54.7%

JSON

Related for UB:CVE-2015-4017