5.8
CVSSv2

CVE-2012-3446

Published: 04/11/2012 Updated: 06/11/2012
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Apache Libcloud prior to 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via a crafted certificate.

Affected Products

Vendor Product Versions
ApacheLibcloud0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.2, 0.5.0, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.8.0, 0.9.1, 0.10.1, 0.11.0

Vendor Advisories

Debian Bug report logs - #683927 CVE-2012-3446: MITM vulnerability in TLS/SSL certificates verification Package: libcloud; Maintainer for libcloud is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Sun, 5 Aug 2012 13:39:05 UTC Severit ...