Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-4314
HistorySep 09, 2013 - 12:00 a.m.

CVE-2013-4314

2013-09-0900:00:00
ubuntu.com
ubuntu.com
5

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.0%

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a
‘\0’ character in a domain name in the Subject Alternative Name field of an
X.509 certificate, which allows man-in-the-middle attackers to spoof
arbitrary SSL servers via a crafted certificate issued by a legitimate
Certification Authority.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpyopenssl< 0.10-1ubuntu0.1UNKNOWN
ubuntu12.04noarchpyopenssl< 0.12-1ubuntu2.1UNKNOWN
ubuntu12.10noarchpyopenssl< 0.13-2ubuntu1.1UNKNOWN
ubuntu13.04noarchpyopenssl< 0.13-2ubuntu3.1UNKNOWN

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.0%