Lucene search

K
osvGoogleOSV:GHSA-PRCQ-52F8-FP44
HistoryMay 17, 2022 - 5:19 a.m.

Apache Libcloud vulnerable to certificate impersonation

2022-05-1705:19:14
Google
osv.dev
2
apache
libcloud
certificate impersonation
vulnerability
ssl servers
x.509 certificate

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

18.0%

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

18.0%