RSS   Vulnerabilities for 'Docker-py'   RSS

2014-11-17
 
CVE-2014-5277

CWE-17
 

 
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.

 

 >>> Vendor: Docker 23 Products
Desktop
Engine
Memcached
Haproxy
Docker
Docker-py
Rabbitmq
Libcontainer
Docker registry
Adminer
Registry
Credential helpers
Command line interface
Cs engine
Docker desktop
Notary docker image
Regisry
Composer
DOCS
Ghost alpine docker image
Haproxy docker image
Rabbitmq docker image
Memcached docker image


Copyright 2024, cxsecurity.com

 

Back to Top