History: Jul 02, 2021 - 6:03 p.m.

Advisory ROSA-SA-2021-1958

2021-07-02 18:03:45
ROSA LAB
abf.rosalinux.ru
pywbem 0.7.0
cobalt 7.9
x.509 certificates
ssl servers
cve-2013-6418
cve-2013-6444
intermediary attackers

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.002
Percentile: 64.8%

Software: pywbem 0.7.0
OS: Cobalt 7.9

CVE-ID: CVE-2013-6418
CVE-Crit: HIGH
CVE-DESC: PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows an attacker in the middle to deceive a peer by presenting an arbitrary certificate.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6444
CVE-Crit: HIGH
CVE-DESC: PyWBEM 0.7 and earlier does not verify that the server hostname matches the domain name in the Common Name (CN) or subjectAltName field of the X.509 certificate subject, which allows intermediary attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-STATUS: default
CVE-REV: default
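
The two checks these CVE descriptions report as missing, shown as an added example (not ROSA's or PyWBEM's code): certificate validation inside the handshake of the connection that carries the request, and a hostname match against subjectAltName/CN. The helper names, the sample certificate and the hostnames are constructed for illustration, and the matcher is a simplified form of the RFC 6125 rules.

```python
import ssl

def audit_context(ctx):
    """Return findings for client settings that reproduce either flaw."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified during the handshake")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    return findings

def hardened_context(cafile=None):
    # create_default_context() sets CERT_REQUIRED and check_hostname, so both
    # checks run in the handshake of the connection that carries the data.
    return ssl.create_default_context(cafile=cafile)

def weak_context():
    # Constructed "before" case: accepts any certificate for any host.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hostname_matches(cert, hostname):
    """Simplified RFC 6125 check on an ssl.getpeercert()-style dict."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # CN is consulted only when no DNS subjectAltName exists
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    host = hostname.lower().rstrip(".").split(".")
    for name in names:
        pat = name.lower().rstrip(".").split(".")
        if len(pat) != len(host):
            continue
        # A wildcard may only be the whole left-most label of a longer name.
        first_ok = pat[0] == host[0] or (pat[0] == "*" and len(pat) > 2)
        if first_ok and pat[1:] == host[1:]:
            return True
    return False

# Constructed sample certificate in ssl.getpeercert() format.
SAMPLE_CERT = {
    "subject": ((("commonName", "cimom.example.org"),),),
    "subjectAltName": (("DNS", "cimom.example.org"),
                       ("DNS", "*.mgmt.example.org")),
}

if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context()))
    print("other host accepted:", hostname_matches(SAMPLE_CERT, "cimom.example.net"))
```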

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        pywbem   < 0.7.0  UNKNOWN
