4 matches found
RHEL 6 : python-qpid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-qpid: client does not validate qpid server TLS/SSL certificate CVE-2013-1909 Note that Nessus has not tested...
RHEL 6 : Red Hat Enterprise MRG Messaging 2.3.3 (RHSA-2013:1024)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1024 advisory. Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased performanc...
UBUNTU-CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2013-1909
The CVE-2013-1909 issue affects the Python client in Apache Qpid prior to version 2.2, which does not verify that the server hostname matches the certificate’s CN/subjectAltName. This enables MITM with arbitrary valid certificates. Red Hat RHSA-2013:1024 notes upgrading to enable proper TLS/SSL c...