Lucene search

K
nvd[email protected]NVD:CVE-2013-4314
HistorySep 30, 2013 - 9:55 p.m.

CVE-2013-4314

2013-09-3021:55:09
CWE-20
web.nvd.nist.gov
3

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.9%

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Affected configurations

Nvd
Node
jean-paul_calderonepyopensslRange0.13
OR
jean-paul_calderonepyopensslMatch0.7
OR
jean-paul_calderonepyopensslMatch0.8a1
OR
jean-paul_calderonepyopensslMatch0.9
OR
jean-paul_calderonepyopensslMatch0.10
OR
jean-paul_calderonepyopensslMatch0.11
OR
jean-paul_calderonepyopensslMatch0.11a1
OR
jean-paul_calderonepyopensslMatch0.11a2
OR
jean-paul_calderonepyopensslMatch0.12
Node
canonicalubuntu_linuxMatch10.04-lts
OR
canonicalubuntu_linuxMatch12.04-lts
OR
canonicalubuntu_linuxMatch12.10
OR
canonicalubuntu_linuxMatch13.04
VendorProductVersionCPE
jean-paul_calderonepyopenssl*cpe:2.3:a:jean-paul_calderone:pyopenssl:*:*:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.7cpe:2.3:a:jean-paul_calderone:pyopenssl:0.7:*:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.8cpe:2.3:a:jean-paul_calderone:pyopenssl:0.8:a1:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.9cpe:2.3:a:jean-paul_calderone:pyopenssl:0.9:*:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.10cpe:2.3:a:jean-paul_calderone:pyopenssl:0.10:*:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.11cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:*:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.11cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:a1:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.11cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:a2:*:*:*:*:*:*
jean-paul_calderonepyopenssl0.12cpe:2.3:a:jean-paul_calderone:pyopenssl:0.12:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Rows per page:
1-10 of 131

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.9%