CVE-2013-6444

Name of the Vulnerable Software and Affected Versions PyWBEM versions 0.7 and earlier

Description The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For PyWBEM versions 0.7 and earlier, as a temporary workaround, consider disabling SSL connections until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation. Avoid using SSL connections in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.