[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4314Date: (C)2013-10-09   (M)2023-12-22


The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
DSA-2763
USN-1965-1
http://www.openwall.com/lists/oss-security/2013/09/06/2
https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
https://bugzilla.redhat.com/show_bug.cgi?id=1005325
openSUSE-SU-2013:1648

CPE    13
cpe:/a:jean-paul_calderone:pyopenssl
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:13.04
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:601112
oval:org.secpod.oval:def:701424

© SecPod Technologies