CVE-2014-0104
First published: Thu Jan 02 2020(Updated: )
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clusterlabs Fence-agents | <4.0.17 | |
| debian/fence-agents | 4.3.3-2+deb10u1 4.7.1-1 4.12.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2014-0104?
CVE-2014-0104 is a vulnerability in fence-agents before version 4.0.17 that allows for potential man-in-the-middle attacks by not verifying remote SSL certificates.
How does CVE-2014-0104 affect fence-agents?
CVE-2014-0104 affects fence-agents before version 4.0.17 by not verifying remote SSL certificates, which could be exploited by man-in-the-middle attackers to spoof SSL servers.
What is the severity of CVE-2014-0104?
CVE-2014-0104 has a severity rating of medium with a score of 5.9.
Which software versions are affected by CVE-2014-0104?
CVE-2014-0104 affects fence-agents versions up to and excluding 4.0.17.
How can I mitigate CVE-2014-0104?
To mitigate CVE-2014-0104, update fence-agents to version 4.0.17 or higher.
- collector/nvd-index
- collector/security-tracker-debian
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/clusterlabs
- canonical/clusterlabs fence-agents
- package-manager/debian