CVE-2013-1909

Name of the Vulnerable Software and Affected Versions Apache Qpid versions prior to 2.2

Description The issue concerns the Python client in Apache Qpid, which fails to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Recommendations For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider verifying the server hostname manually to ensure it matches the domain name in the certificate. Restrict access to sensitive data until the update can be applied.