Lucene search

K
osvGoogleOSV:PYSEC-2013-25
HistoryAug 23, 2013 - 4:55 p.m.

PYSEC-2013-25

2013-08-2316:55:00
Google
osv.dev
5

0.001 Low

EPSS

Percentile

31.5%

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CPENameOperatorVersion
qpid-pythoneq0.20

0.001 Low

EPSS

Percentile

31.5%