Описание
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.5.0-1.1 |
| hardy | DNE | |
| lucid | ignored | end of life |
| natty | ignored | end of life |
| oneiric | released | 0.5.0-1.1~build0.11.10.1 |
| precise | released | 0.5.0-1.1~build0.12.04.1 |
| quantal | released | 0.5.0-1.1 |
| raring | released | 0.5.0-1.1 |
| saucy | released | 0.5.0-1.1 |
| upstream | released | 0.5.0-1.1 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Apache Libcloud before 0.11.1 uses an incorrect regular expression dur ...
Apache Libcloud vulnerable to certificate impersonation
EPSS
5.8 Medium
CVSS2
5.9 Medium
CVSS3