Описание
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tweepy:tweepy:-:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00147
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
больше 13 лет назад
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.
debian
больше 13 лет назад
Tweepy does not verify that the server hostname matches a domain name ...
EPSS
Процентиль: 35%
0.00147
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20