Showing 1 - 1 of 1

CVE-2015-1843

Status Candidate

Overview

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.

Related Files

Red Hat Security Advisory 2015-0776-01: Posted Apr 2, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.; tags | advisory, web, registry; systems | linux, redhat; advisories | CVE-2015-1843; SHA-256 | b89975366ee6328c10cdb0972ba6d35579d720825039dd0de3a5990c71892d7a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 163 files
Ubuntu 99 files
indoushka 62 files
Debian 22 files
nu11secur1ty 19 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
Apple 6 files
bluedragonsec 4 files

File Archives

Systems

AIX (428)
Apple (2,009)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,842)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (353)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,811)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,916)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,938)
UNIX (9,313)
UnixWare (186)
Windows (6,588)
Other

CVE-2015-1843

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems