exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2014-9365

больше 10 лет назад

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS2: 5.8

EPSS: Низкий

CVE-2014-9365

больше 10 лет назад

CVSS3: 4.7

EPSS: Низкий

CVE-2014-9365

больше 10 лет назад

CVSS2: 5.8

EPSS: Низкий

CVE-2014-9365

больше 10 лет назад

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ...

CVSS2: 5.8

EPSS: Низкий

GHSA-fj2p-9cqv-m944

около 3 лет назад

EPSS: Низкий

ELSA-2017-1868

почти 8 лет назад

ELSA-2017-1868: python security and bug fix update (MODERATE)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2014-9365 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	CVSS2: 5.8	1% Низкий	больше 10 лет назад
CVE-2014-9365 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	CVSS3: 4.7	1% Низкий	больше 10 лет назад
CVE-2014-9365 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	CVSS2: 5.8	1% Низкий	больше 10 лет назад
CVE-2014-9365 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ...	CVSS2: 5.8	1% Низкий	больше 10 лет назад
GHSA-fj2p-9cqv-m944 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.		1% Низкий	около 3 лет назад
ELSA-2017-1868 ELSA-2017-1868: python security and bug fix update (MODERATE)			почти 8 лет назад

Уязвимостей на страницу