Lucene search
GoogleOSV:PYSEC-2013-22HistoryAug 06, 2013 - 2:52 a.m.
PYSEC-2013-22
2013-08-0602:52:00
Google
osv.dev
9
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
| CPE | Name | Operator | Version |
|---|---|---|---|
| setuptools | eq | 0.6b3 | |
| setuptools | eq | 0.6c11 | |
| setuptools | eq | 0.6b4 | |
| setuptools | eq | 0.6c6 | |
| setuptools | eq | 0.6b1 | |
| setuptools | eq | 0.6c8 | |
| setuptools | eq | 0.6c10 | |
| setuptools | eq | 0.6c4 | |
| setuptools | eq | 0.6c5 | |
| setuptools | eq | 0.6c9 |
Related
nessus
nessus
Mandriva Linux Security Advisory : python-setuptools (MDVSA-2013:227)
2013-09-10 00:00:00
SuSE 11.3 Security Update : python-setuptools (SAT Patch Number 9116)
2014-04-15 00:00:00
GLSA-201310-09 : Setuptools: Man-in-the-Middle attack
2013-10-11 00:00:00
cve
cve
CVE-2013-1633
2013-08-06 02:52:00
ubuntucve
ubuntucve
CVE-2013-1633
2013-08-06 00:00:00
prion
prion
Design/Logic Flaw
2013-08-06 02:52:00
osv
osv
Setuptools vulnerable to Man-in-the-middle attacks
2022-05-17 05:01:02
mageia
mageia
openvas
openvas
Gentoo Security Advisory GLSA 201310-09
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2013-0274)
2022-01-28 00:00:00
Fedora Update for python-virtualenv FEDORA-2013-14891
2013-09-06 00:00:00
github
github
Setuptools vulnerable to Man-in-the-middle attacks
2022-05-17 05:01:02
fedora
fedora
[SECURITY] Fedora 18 Update: python-virtualenv-1.10.1-1.fc18
2013-09-05 01:25:58
[SECURITY] Fedora 19 Update: python-virtualenv-1.10.1-1.fc19
2013-09-05 01:26:45
gentoo
gentoo
Setuptools: Man-in-the-Middle attack
2013-10-10 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:227 ] python-setuptools
2013-09-11 00:00:00
python libraries security vulnerabilities
2013-09-11 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for OSV:PYSEC-2013-22