CVE-2013-2037

Name of the Vulnerable Software and Affected Versions httplib2 versions 0.7.2 and earlier httplib2 versions 0.8 and earlier httplib2 versions prior to 0.10.1

Description The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because, after an initial connection is made, it does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For versions 0.7.2 and earlier, update to version 0.10.1 or later. For versions 0.8 and earlier, update to version 0.10.1 or later. For versions prior to 0.10.1, update to version 0.10.1 or later.