Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Customers

Login Get Demo

Vulnerability IntelligenceCVE-2013-7440

CVE-2013-7440

MEDIUM5.9

The ssl

Published Jun 7, 2016

Modified 1 years ago

Details

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

References

WEB

http://seclists.org/oss-sec/2015/q2/483

WEB

http://seclists.org/oss-sec/2015/q2/523

WEB

http://www.securityfocus.com/bid/74707

ADVISORY

https://access.redhat.com/errata/RHSA-2016:1166

WEB

https://bugs.python.org/issue17997

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=1224999

WEB

https://hg.python.org/cpython/rev/10d0edadbcdd

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2013-7440

CVSS Analysis

CVSS v3.0

5.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Ecosystems

Timeline

PublishedJun 7, 2016

ModifiedAug 6, 2024

CVE-2013-7440 | Mondoo Vulnerability Intelligence