Python存在多个安全漏洞，允许远程攻击者利用漏洞进行伪造攻击和进行拒绝服务攻击。
1，Python SSL模块没有正确处理服务器SSL证书中的"subjectAltNames"通用名的空字节，允许攻击者通过中间人攻击进行服务器伪造攻击，可获取敏感信息。
2，不受限的调用Lib/httplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
3，不受限的调用Lib/ftplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
4，不受限的调用Lib/imaplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
5，不受限的调用Lib/nntplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
6，不受限的调用Lib/poplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
7，不受限的调用Lib/smtplib.py中的"readline()"可导致消耗大量内存资源，造成拒绝服务攻击。
0
Python 2.6.x
厂商补丁：

Python

Python 2.6.9已经修复该漏洞，建议用户下载更新：

http://www.python.org

nessus 56

openvas 47

amazon 4

fedora 17

prion 3

f5 3

veracode 7

osv 5

cve 3

oraclelinux 4

redhat 5

ubuntu 5

securityvulns 2

centos 3

mageia 4

ubuntucve 1

debian 2

debiancve 1

vmware 2

slackware 1

archlinux 1

ibm 4

gentoo 1

suse 1

nessus

LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities (Mac OS X)

2014-04-04 00:00:00

LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities

2014-04-04 00:00:00

SuSE 11.3 Security Update : python (SAT Patch Number 8892)

2014-03-07 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2013-241)

2015-09-08 00:00:00

Fedora Update for jython FEDORA-2015-5938

2015-07-07 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-552)

2015-09-08 00:00:00

amazon

Medium: python26

2013-11-03 12:09:00

Medium: python27

2013-09-04 13:31:00

Medium: python27

2015-06-22 10:31:00

fedora

[SECURITY] Fedora 21 Update: python-2.7.8-8.fc21

2015-04-18 09:43:06

[SECURITY] Fedora 22 Update: jnr-posix-3.0.9-3.fc22

2015-04-21 19:25:36

[SECURITY] Fedora 22 Update: jython-2.7-0.7.rc2.fc22

2015-04-21 19:25:36

prion

Design/Logic Flaw

2019-06-03 20:15:00

Design/Logic Flaw

2013-08-18 02:52:00

Design/Logic Flaw

2013-08-27 03:34:00

K53192206 : Python and Jython vulnerability CVE-2013-1752

2017-07-21 00:00:00

SOL15638 - Python vulnerability CVE-2013-4238

2014-09-29 00:00:00

K15638 : Python vulnerability CVE-2013-4238

2014-10-17 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:06:08

Man-in-the-Middle (MitM)

2019-01-15 08:51:35

Improper Input Validation

2019-05-02 05:39:24

osv

smtplib unlimited read

2019-06-03 19:04:24

python2.7 - security update

2014-03-17 00:00:00

python2.6 - regression update

2014-07-31 00:00:00

cve

CVE-2013-1752

2019-06-03 20:15:00

CVE-2013-4238

2013-08-18 02:52:00

CVE-2013-4328

2013-08-27 03:34:00

oraclelinux

python security, bug fix, and enhancement update

2013-11-26 00:00:00

python security, bug fix, and enhancement update

2015-07-28 00:00:00

python security, bug fix, and enhancement update

2015-11-23 00:00:00

redhat

(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update

2013-11-21 00:00:00

(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update

2015-07-22 00:00:00

(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update

2015-11-19 13:41:01

ubuntu

Python 2.6 vulnerability

2013-10-01 00:00:00

Python 2.7 vulnerabilities

2013-10-01 00:00:00

Python 3.3 vulnerabilities

2013-10-01 00:00:00

securityvulns

Python SSL certificate check bypass

2013-10-02 00:00:00

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

2014-12-11 00:00:00

centos

python, tkinter security update

2013-11-26 13:32:42

python, tkinter security update

2015-07-26 14:11:19

python, tkinter security update

2015-11-30 19:48:49

mageia

Updated python package fixes security vulnerabilities

2014-03-24 11:37:41

Updated python & python3 packages fix multiple vulnerabilities

2014-02-20 01:24:08

Updated python3, bzr and some python packages fix security vulnerabilties

2013-08-22 21:58:14

ubuntucve

CVE-2013-4238

2013-08-17 00:00:00

debian

[SECURITY] [DSA 2880-1] python2.7 security update

2014-03-17 18:07:37

[DLA 25-1] python2.6 security update

2014-07-31 21:07:32

debiancve

CVE-2013-4238

2013-08-18 02:52:00

vmware

VMware vSphere product updates address security vulnerabilities

2014-12-04 00:00:00

VMware vSphere product updates address security vulnerabilities

2014-12-04 00:00:00

slackware

[slackware-security] python

2019-03-03 22:46:15

archlinux

python2: multiple issues

2014-12-15 00:00:00

ibm

Security Bulletin: Python vulnerabilities affect IBM SmartCloud Entry (CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185)

2020-07-19 00:49:12

Security Bulletin: Multiple vulnerabilities in Python affect PowerKVM

2018-06-18 01:30:44

Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:33:00

gentoo

Python: Multiple vulnerabilities

2015-03-18 00:00:00

suse

Security update for python3 (important)

2020-01-21 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for SSV:61235