Lucene search

[email protected]CVE-2013-2099

HistoryOct 09, 2013 - 2:53 p.m.

CVE-2013-2099

2013-10-0914:53:20

CWE-399

[email protected]

web.nvd.nist.gov

126

cve-2013-2099

ssl

python 3.x

denial of service

algorithmic complexity vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6 Medium

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Affected configurations

NVD

Node

pythonpythonMatch3.2.0

pythonpythonMatch3.2.1

pythonpythonMatch3.2.2

pythonpythonMatch3.2.3

pythonpythonMatch3.2.4

pythonpythonMatch3.2.5

pythonpythonMatch3.3.0

pythonpythonMatch3.3.1

pythonpythonMatch3.3.2

Node

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

CPENameOperatorVersion
python:pythonpythoneq3.2.0
python:pythonpythoneq3.2.1
python:pythonpythoneq3.2.2
python:pythonpythoneq3.2.3
python:pythonpythoneq3.2.4
python:pythonpythoneq3.2.5
python:pythonpythoneq3.3.0
python:pythonpythoneq3.3.1
python:pythonpythoneq3.3.2

CPE	Name	Operator	Version
python:python	python	eq	3.2.0
python:python	python	eq	3.2.1
python:python	python	eq	3.2.2
python:python	python	eq	3.2.3
python:python	python	eq	3.2.4
python:python	python	eq	3.2.5
python:python	python	eq	3.3.0
python:python	python	eq	3.3.1
python:python	python	eq	3.3.2