CVE-2013-7440

Published: 12 Aug 2013
Source: redhat
CVSS2: 4
EPSS: Low

Description

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations.

Report

This issue affects the versions of python27-python-pip, python-pymongo and python-virtualenv as shipped with Red Hat OpenShift 2.x and Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ceph Storage 1.1 | python-backports-ssl_match_hostname | Not affected | | |
| Red Hat Ceph Storage 1.2 | python-backports-ssl_match_hostname | Not affected | | |
| Red Hat Enterprise Linux 5 | python | Not affected | | |
| Red Hat Enterprise Linux 5 | python-setuptools | Not affected | | |
| Red Hat Enterprise Linux 6 | bzr | Not affected | | |
| Red Hat Enterprise Linux 6 | python | Not affected | | |
| Red Hat Enterprise Linux 6 | python-backports-ssl_match_hostname | Not affected | | |
| Red Hat Enterprise Linux 6 | python-setuptools | Not affected | | |
| Red Hat Enterprise Linux 7 | bzr | Will not fix | | |
| Red Hat Enterprise Linux 7 | python | Not affected | | |


Additional information

Status: Low

https://bugzilla.redhat.com/show_bug.cgi?id=1224999 (python: wildcard matching rules do not follow RFC 6125)

EPSS: 0.00369 (Low), percentile: 58%

CVSS2: 4 Medium

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 9 years ago

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS3: 5.9
nvd
about 9 years ago

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS3: 5.9
debian
about 9 years ago

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...

suse-cvrf
about 10 years ago

Recommended update for python-setuptools

suse-cvrf
about 10 years ago

Security update for python-setuptools
