Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-2037
HistoryJan 18, 2014 - 9:55 p.m.

CVE-2013-2037

2014-01-1821:55:00
CWE-20
[email protected]
web.nvd.nist.gov
23
cve-2013-2037
ssl server spoofing
httplib2
x.509 certificate
nvd
man-in-the-middle attack

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Related

nessus 3
ibm 1
debiancve 1
github 1
prion 1
securityvulns 2
openvas 3
ubuntucve 1
fedora 1
osv 1
cvelist 1
ubuntu 1
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : python-httplib2 vulnerability (USN-1948-1)
2013-09-10 00:00:00
Fedora 22 : python-httplib2-0.9-6.fc22 (2015-5503)
2015-04-22 00:00:00
Mandriva Linux Security Advisory : python-httplib2 (MDVSA-2013:168)
2013-05-28 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Python-httplib2 affects PowerKVM (CVE-2013-2037)
2018-06-18 01:29:42
debiancve
debiancve
CVE-2013-2037
2014-01-18 21:55:00
github
github
httplib2 incorrectly checks SSL certificate
2022-05-14 01:52:01
prion
prion
Code injection
2014-01-18 21:55:00
securityvulns
securityvulns
[ MDVSA-2013:168 ] python-httplib2
2013-06-05 00:00:00
python-httplib insufficient certificate validation
2013-06-05 00:00:00
openvas
openvas
Ubuntu Update for python-httplib2 USN-1948-1
2013-09-12 00:00:00
Fedora Update for python-httplib2 FEDORA-2015-5503
2015-07-07 00:00:00
Ubuntu: Security Advisory (USN-1948-1)
2013-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2013-2037
2013-05-02 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: python-httplib2-0.9-6.fc22
2015-04-21 18:26:58
osv
osv
PYSEC-2014-81
2014-01-18 21:55:00
cvelist
cvelist
CVE-2013-2037
2014-01-18 21:00:00
ubuntu
ubuntu
httplib2 vulnerability
2013-09-09 00:00:00

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON
Related for CVE-2013-2037
nessus3ibm1debiancve1github1prion1securityvulns2openvas3ubuntucve1fedora1osv1cvelist1ubuntu1