httplib2 vulnerability

ID USN-1375-1
Type ubuntu
Reporter Ubuntu
Modified 2012-02-27T00:00:00


The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.