A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.
Find out more about CVE-2013-2099 from the MITRE CVE dictionary dictionary and NIST NVD.
Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the SSL module there did not implement the match_hostname() routine yet.
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Storage Native Client for Red Hat Enterprise Linux 5 (glusterfs) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 (python27-python-pymongo) | RHSA-2016:1166 | 2016-05-31 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 (python27-python-pymongo) | RHSA-2016:1166 | 2016-05-31 |
| Red Hat Storage Console 2.1 | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Storage Server 2.1 (python-backports-ssl_match_hostname) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 6 (glusterfs) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Enterprise Linux OpenStack Platform 4.0 (python-backports-ssl_match_hostname) | RHSA-2014:1690 | 2014-10-22 |
| Red Hat Common for Red Hat Enterprise Linux 6 (python-backports-ssl_match_hostname) | RHSA-2015:0042 | 2015-01-13 |
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | pymongo | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-python34-python-pymongo | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | python33-python-pymongo | Will not fix |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | python33-python | Not affected |
| Red Hat Satellite 6 | python-pymongo | Will not fix |
| Red Hat Satellite 6 | python-backports-ssl_match_hostname | Will not fix |
| Red Hat OpenShift Enterprise 2 | python-pymongo | Will not fix |
| Red Hat Enterprise MRG 2 | pymongo | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | python-pymongo | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | python-pymongo | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | python-pymongo | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | python-backports-ssl_match_hostname | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | python-pymongo | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | python-backports-ssl_match_hostname | Will not fix |
| Red Hat Enterprise Linux 7 | python | Not affected |
| Red Hat Enterprise Linux 7 | python-tornado | Not affected |
| Red Hat Enterprise Linux 7 | bzr | Fix deferred |
| Red Hat Enterprise Linux 6 | python | Not affected |
| Red Hat Enterprise Linux 6 | bzr | Not affected |
| Red Hat Enterprise Linux 5 | python | Not affected |
Vulmon