PT-2012-6137 · Python · Tweepy

Published

2012-11-04

Updated

2022-05-17

CVE-2012-5825

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Tweepy (affected versions not specified)

Description The issue arises from Tweepy's failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. The problem is related to the use of the Python httplib library.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-5825

GHSA-PWX5-XG7G-WPC5

PYSEC-2012-17

Affected Products

Tweepy

PT-2012-6137 · Python · Tweepy

CVE-2012-5825

Weakness Enumeration

Related Identifiers

Affected Products

References · 15