PT-2014-3101 · Openstack · Python-Swiftclient

Thomas Leaman +1 · Published 2014-02-18 · Updated 2022-05-17 · CVE-2013-6396

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

python-swiftclient versions 1.0 through 1.9.0
python-swiftclient versions 1.0 through 2.0.1

Description

python-swiftclient fails to verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations

For python-swiftclient versions 1.0 through 1.9.0, update to version 2.0.2 or later to resolve the issue.
For python-swiftclient versions 1.0 through 2.0.1, update to version 2.0.2 or later to resolve the issue.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2013-6396
GHSA-P3XV-97G8-4WMJ
PYSEC-2014-12

Affected Products

Python-Swiftclient