Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-1909HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-1909
2022-10-0316:14:47
Debian Security Bug Tracker
security-tracker.debian.org
9
python
apache qpid
ssl
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.4%
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | qpid-python | < 0.22-1 | qpid-python_0.22-1_all.deb |
Related
prion
prion
Code injection
2013-08-23 16:55:00
github
github
Apache Qpid Python client Improper certificate validation
2022-05-13 01:08:41
nessus
nessus
RHEL 6 : MRG (RHSA-2013:1024)
2014-07-22 00:00:00
RHEL 6 : python-qpid (Unpatched Vulnerability)
2024-06-03 00:00:00
cvelist
cvelist
CVE-2013-1909
2022-10-03 16:14:47
cve
cve
CVE-2013-1909
2022-10-03 16:14:47
redhat
redhat
osv
osv
PYSEC-2013-25
2013-08-23 16:55:00
ubuntucve
ubuntucve
CVE-2013-1909
2013-08-23 00:00:00
veracode
veracode
Main-in-the-Middle (MitM)
2019-01-15 08:55:40
nvd
nvd
CVE-2013-1909
2013-08-23 16:55:07
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.4%
Related for DEBIANCVE:CVE-2013-1909