ALAS-2015-521

Related Vulnerabilities: CVE-2013-2099  

Amazon Linux AMI Security Advisory: ALAS-2015-521
Advisory Release Date: 2015-05-05 21:31 Pacific
Advisory Updated Date: 2015-05-06 15:14 Pacific
Severity: Low
References: CVE-2013-2099 

Issue Overview:

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.
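An added example, not code from this advisory or from the Python or Tornado projects: a hostname matcher that refuses a certificate name with more than one wildcard in a label before any pattern is compiled, so such a name never reaches the regex engine. The per-label limit of one, the function names and the sample names are assumptions made for illustration.

```python
import re

MAX_WILDCARDS = 1  # assumption: at most one "*" per DNS label


class CertificateNameError(ValueError):
    """A certificate name was refused before any matching was attempted."""


def dnsname_to_pattern(dnsname, max_wildcards=MAX_WILDCARDS):
    """Compile a certificate dNSName into an anchored regex.

    Each "*" becomes an unbounded [^.]* group; several of them in one label
    make matching expensive, so such names are refused up front.
    """
    parts = []
    for label in dnsname.split("."):
        if label.count("*") > max_wildcards:
            raise CertificateNameError(
                "too many wildcards in certificate DNS name: %r" % dnsname)
        if label == "*":
            parts.append("[^.]+")  # a bare wildcard must cover a whole label
        else:
            parts.append(re.escape(label).replace(r"\*", "[^.]*"))
    return re.compile(r"\A" + r"\.".join(parts) + r"\Z", re.IGNORECASE)


def match_hostname(hostname, dnsnames):
    """Return True if hostname matches any name; refused names propagate."""
    return any(dnsname_to_pattern(n).match(hostname) for n in dnsnames)


def refused_names(dnsnames):
    """Audit helper: list the names a validator should reject outright."""
    refused = []
    for name in dnsnames:
        try:
            dnsname_to_pattern(name)
        except CertificateNameError:
            refused.append(name)
    return refused


if __name__ == "__main__":
    # Constructed sample names, not taken from any real certificate.
    names = ["*.example.com", "w*.example.org", "a*b*c.example.net"]
    print(refused_names(names))
    print(match_hostname("www.example.com", names[:2]))
```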


Affected Packages:

python-tornado


Issue Correction:
Run yum update python-tornado to update your system.

New Packages:
noarch:
    python27-tornado-2.2.1-7.7.amzn1.noarch
    python26-tornado-2.2.1-7.7.amzn1.noarch
    python27-tornado-doc-2.2.1-7.7.amzn1.noarch
    python26-tornado-doc-2.2.1-7.7.amzn1.noarch

src:
    python-tornado-2.2.1-7.7.amzn1.src