Computer Security
[EN] securityvulns.ru no-pyccku


python-httplib insufficient certificate validation
Published:05.06.2013
Source:
SecurityVulns ID:13113
Type:library
Threat Level:
5/10
Description:Certificate is only validated on first request.
CVE:CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:168 ] python-httplib2 (05.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod