Lucene search

K
nvd[email protected]NVD:CVE-2013-1909
HistoryAug 23, 2013 - 4:55 p.m.

CVE-2013-1909

2013-08-2316:55:07
CWE-20
web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.4%

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

NVD
Node
redhatenterprise_mrgMatch2.0
Node
apacheqpidRange≤0.20
OR
apacheqpidMatch0.5
OR
apacheqpidMatch0.6
OR
apacheqpidMatch0.7
OR
apacheqpidMatch0.8
OR
apacheqpidMatch0.9
OR
apacheqpidMatch0.10
OR
apacheqpidMatch0.11
OR
apacheqpidMatch0.12
OR
apacheqpidMatch0.13
OR
apacheqpidMatch0.14
OR
apacheqpidMatch0.15
OR
apacheqpidMatch0.16
OR
apacheqpidMatch0.17
OR
apacheqpidMatch0.18
OR
apacheqpidMatch0.19

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.4%