Description
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| lucid | released | 2.6.5-1ubuntu6.2 |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | needed | |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 2.7.5-8ubuntu3 |
| lucid | DNE | |
| precise | released | 2.7.3-0ubuntu3.4 |
| quantal | released | 2.7.3-5ubuntu4.3 |
| raring | released | 2.7.4-2ubuntu3.2 |
| upstream | needed | |
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| lucid | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | needed | |
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| lucid | DNE | |
| precise | released | 3.2.3-0ubuntu3.5 |
| quantal | released | 3.2.3-6ubuntu3.4 |
| raring | DNE | |
| upstream | needed | |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 3.3.2-7ubuntu2 |
| lucid | DNE | |
| precise | DNE | |
| quantal | released | 3.3.0-1ubuntu0.1 |
| raring | released | 3.3.1-1ubuntu5.2 |
| upstream | needed | |
Source references
EPSS
CVSS2: 4.3 Medium
Related vulnerabilities
ELSA-2013-1582: python security, bug fix, and enhancement update (MODERATE)