RSS   Vulnerabilities for 'Docker-py'   RSS

2014-11-17
 
CVE-2014-5277

CWE-17
 

 
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.

 

 >>> Vendor: Docker 23 Products
Docker
Docker-py
Libcontainer
Docker registry
Credential helpers
Cs engine
Engine
Docker desktop
Notary docker image
Regisry
Registry
Composer
Adminer
Haproxy
Rabbitmq
Memcached
DOCS
Ghost alpine docker image
Haproxy docker image
Rabbitmq docker image
Memcached docker image
Desktop
Command line interface


Copyright 2022, cxsecurity.com

 

Back to Top