CVE-2013-1909

Published Aug 23, 2013

Last updated 3 years ago

Overview

Description
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Source
secalert@redhat.com
NVD status
Analyzed

Social media

Hype score
Not currently trending

Risk scores

CVSS 2.0

Type
Primary
Base score
5.8
Impact score
4.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-20

Configurations