Lucene search
Ubuntu.comUB:CVE-2013-1909HistoryAug 23, 2013 - 12:00 a.m.
CVE-2013-1909
2013-08-2300:00:00
ubuntu.com
ubuntu.com
7
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.4%
The Python client in Apache Qpid before 2.2 does not verify that the server
hostname matches a domain name in the subject’s Common Name (CN) or
subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
certificate.
Bugs
Related
prion
prion
Code injection
2013-08-23 16:55:00
github
github
Apache Qpid Python client Improper certificate validation
2022-05-13 01:08:41
nessus
nessus
RHEL 6 : MRG (RHSA-2013:1024)
2014-07-22 00:00:00
RHEL 6 : python-qpid (Unpatched Vulnerability)
2024-06-03 00:00:00
cvelist
cvelist
CVE-2013-1909
2022-10-03 16:14:47
cve
cve
CVE-2013-1909
2022-10-03 16:14:47
redhat
redhat
debiancve
debiancve
CVE-2013-1909
2022-10-03 16:14:47
veracode
veracode
Main-in-the-Middle (MitM)
2019-01-15 08:55:40
nvd
nvd
CVE-2013-1909
2013-08-23 16:55:07
osv
osv
PYSEC-2013-25
2013-08-23 16:55:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
31.4%
Related for UB:CVE-2013-1909