5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
python is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the ssl.match_hostname
function does not properly handle wildcards in hostnames.
seclists.org/oss-sec/2015/q2/483
seclists.org/oss-sec/2015/q2/483
seclists.org/oss-sec/2015/q2/523
seclists.org/oss-sec/2015/q2/523
www.securityfocus.com/bid/74707
www.securityfocus.com/bid/74707
access.redhat.com/articles/2039753
access.redhat.com/errata/RHSA-2016:1166
access.redhat.com/security/updates/classification/#moderate
bugs.python.org/issue17997
bugs.python.org/issue17997
bugzilla.redhat.com/show_bug.cgi?id=1173041
bugzilla.redhat.com/show_bug.cgi?id=1224999
bugzilla.redhat.com/show_bug.cgi?id=1224999
bugzilla.redhat.com/show_bug.cgi?id=1266529
bugzilla.redhat.com/show_bug.cgi?id=1297783
bugzilla.redhat.com/show_bug.cgi?id=1297784
bugzilla.redhat.com/show_bug.cgi?id=1318319
bugzilla.redhat.com/show_bug.cgi?id=1329141
bugzilla.redhat.com/show_bug.cgi?id=1329944
bugzilla.redhat.com/show_bug.cgi?id=1330041
bugzilla.redhat.com/show_bug.cgi?id=1334447
hg.python.org/cpython/rev/10d0edadbcdd
hg.python.org/cpython/rev/10d0edadbcdd
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N