CVE-2013-2037

Published: 18/01/2014 Updated: 06/12/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

httplib2 0.7.2, 0.8, and earlier versions, after an initial connection is made, do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Product

canonical ubuntu linux 13.04

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

httplib2 project httplib2

httplib2 project httplib2 0.8

Vendor Advisories

Debian Bug report logs - #706602 python-httplib2: CVE-2013-2037. Package: python-httplib2; Maintainer for python-httplib2 is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-httplib2 is src:python-httplib2. Reported by: Moritz Muehlenhoff <jmm@inutil.org> ...
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet ...
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate ...