CVE-2013-6396

Published: 18/02/2014 Updated: 21/02/2014
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The OpenStack Python client library for Swift (python-swiftclient) 1.0 up to and including 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Product

openstack swift 1.0.0

openstack swift 1.0.2

openstack swift 1.11.0

openstack swift 1.2.0

openstack swift 1.4.2

openstack swift 1.4.4

openstack swift 1.7.0

openstack swift 1.7.4

openstack swift 1.8.0

openstack swift 1.3.0

openstack swift 1.4.0

openstack swift 1.7.5

openstack swift 1.7.6

openstack swift 1.1.0

openstack swift 1.10.0

openstack swift 1.4.6

openstack swift 1.4.7

openstack swift 1.4.8

openstack swift 1.5.0

openstack swift 1.0.1

openstack swift 1.4.1

openstack swift 1.4.3

openstack swift 1.4.5

openstack swift 1.6.0

openstack swift 1.7.2

openstack swift 1.9.0

Vendor Advisories

Debian Bug report logs - #730626 python-swiftclient: CVE-2013-6396 Package: python-swiftclient; Maintainer for python-swiftclient is Debian OpenStack <team+openstack@tracker.debian.org>; Source for python-swiftclient is src:python-swiftclient; Reported by: Salvatore Bonaccorso <carnil@debian.org> ...
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate ...