Summary: | CVE-2014-8164 CFME: http.verify_mode = OpenSSL::SSL::VERIFY_NONE | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED DEFERRED | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | apatters, bdunne, dajohnso, dclarizi, gmccullo, jfrey, jhenner, jprause, jrafanie, jrusnack, jvlcek, kseifried, mpovolny, obarenbo, security-response-team, xlecauch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-06-30 20:28:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Bug Depends On: | 1151209, 1151210 | ||
Bug Blocks: | 1129011 |
Description
Kurt Seifried
2014-10-09 19:25:03 UTC
This has been deferred for now. One challenge is to enable certificate host name checking this customers will require a large number of valid host certificates. This is difficult for many customers due to the use of internal hosts, as such enabling host name checks by default will break many installs. *** Bug 1281383 has been marked as a duplicate of this bug. *** |