Lucene search
K

10 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.25 views

K15151: pyOpenSSL vulnerability CVE-2013-4314

Security Advisory Description The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

4.3CVSS8.8AI score0.01197EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2013-0277)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.01197EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.18 views

openSUSE Security Update : python-pyOpenSSL (openSUSE-SU-2013:1648-1)

update to 0.13.1 fixes the following security issue: NUL byte handling in subjectAltName bnc839107, CVE-2013-4314 CVE-2013-4314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-82...

4.3CVSS8.2AI score0.01197EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2014/04/10 12:0 a.m.32 views

SOL15151 - pyOpenSSL vulnerability CVE-2013-4314

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

4.3CVSS2.7AI score0.01197EPSS
Exploits0References4
OSV
OSV
added 2013/09/30 9:55 p.m.11 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

9AI score
Exploits0References6
CVE
CVE
added 2013/09/30 9:0 p.m.89 views

CVE-2013-4314

CVE-2013-4314 affects pyOpenSSL up to, but not including, 0.13.1. The X509Extension code fails to properly handle a NUL byte in a domain name inside the SAN of an X.509 certificate, enabling a MITM attacker to spoof an SSL server via a certificate issued by a trusted CA. Root cause: incorrect han...

4.3CVSS6.1AI score0.01197EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/09/25 12:0 a.m.25 views

Debian DSA-2763-1 : pyopenssl - hostname check bypassing

It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that a SSL client...

4.3CVSS8.2AI score0.01197EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/09/23 12:0 a.m.25 views

Debian: Security Advisory (DSA-2763-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.7AI score0.01197EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/09/14 12:0 a.m.21 views

Mandriva Linux Security Advisory : python-OpenSSL (MDVSA-2013:233)

A vulnerability has been discovered and corrected in python-OpenSSL : The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate...

4.3CVSS8AI score0.01197EPSS
Exploits0References1
Mageia
Mageia
added 2013/09/13 8:16 p.m.30 views

Updated python-OpenSSL package fixes security vulnerability

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing CVE-2013-4314...

4.3CVSS3AI score0.01197EPSS
Exploits0References3
Rows per page
Query Builder