CVE-2013-6418

Опубликовано: 05 мая 2014

Источник: debian

EPSS Низкий

Описание

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pywbem	fixed	0.8.0~dev650-1		package
pywbem	no-dsa		squeeze	package
pywbem	no-dsa		wheezy	package

Примечания

fix: https://bugzilla.redhat.com/attachment.cgi?id=851357

EPSS

Процентиль: 57%

0.00345

Низкий

Связанные уязвимости

CVE-2013-6418

ubuntu

почти 12 лет назад

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

CVE-2013-6418

redhat

больше 12 лет назад

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

CVE-2013-6418

nvd

почти 12 лет назад

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

CVE-2013-6418

msrc

7 месяцев назад

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

GHSA-f9q5-46qg-74x4

CVSS3: 7.5

github

почти 4 года назад

PyWBEM TOCTOU vulnerability in certificate validation

EPSS

Процентиль: 57%

0.00345

Низкий