httplib2 vulnerability

ID USN-1375-1
Type ubuntu
Reporter Ubuntu
Modified 2012-02-27T00:00:00


The httplib2 Python library earlier than version 0.7.0 did not perform any
server certificate validation when using HTTPS connections. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
be exploited to alter or compromise confidential information in
applications that used the httplib2 library.