10 matches found
K15151: pyOpenSSL vulnerability CVE-2013-4314
Security Advisory Description The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
Mageia: Security Advisory (MGASA-2013-0277)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python-pyOpenSSL (openSUSE-SU-2013:1648-1)
update to 0.13.1 fixes the following security issue: NUL byte handling in subjectAltName bnc839107, CVE-2013-4314 CVE-2013-4314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-82...
SOL15151 - pyOpenSSL vulnerability CVE-2013-4314
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
CVE-2013-4314
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...
CVE-2013-4314
CVE-2013-4314 affects pyOpenSSL up to, but not including, 0.13.1. The X509Extension code fails to properly handle a NUL byte in a domain name inside the SAN of an X.509 certificate, enabling a MITM attacker to spoof an SSL server via a certificate issued by a trusted CA. Root cause: incorrect han...
Debian DSA-2763-1 : pyopenssl - hostname check bypassing
It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that a SSL client...
Debian: Security Advisory (DSA-2763-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Linux Security Advisory : python-OpenSSL (MDVSA-2013:233)
A vulnerability has been discovered and corrected in python-OpenSSL : The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate...
Updated python-OpenSSL package fixes security vulnerability
The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing CVE-2013-4314...