Описание
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Ссылки
- Issue TrackingMailing ListThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitPatch
- Issue TrackingMailing ListThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitPatch
Уязвимые конфигурации
Одно из
Одно из
EPSS
2.6 Low
CVSS2
Дефекты
Связанные уязвимости
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, ...
EPSS
2.6 Low
CVSS2