Lucene search

K
amazonAmazonALAS-2015-521
HistoryMay 05, 2015 - 9:31 p.m.

Low: python-tornado

2015-05-0521:31:00
alas.aws.amazon.com
29

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.1%

Issue Overview:

A denial of service flaw was found in the way Python’s SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.

Affected Packages:

python-tornado

Issue Correction:
Run yum update python-tornado to update your system.

New Packages:

noarch:  
    python27-tornado-2.2.1-7.7.amzn1.noarch  
    python26-tornado-2.2.1-7.7.amzn1.noarch  
    python27-tornado-doc-2.2.1-7.7.amzn1.noarch  
    python26-tornado-doc-2.2.1-7.7.amzn1.noarch  
  
src:  
    python-tornado-2.2.1-7.7.amzn1.src  

Additional References

Red Hat: CVE-2013-2099

Mitre: CVE-2013-2099

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.1%