CVE-2013-2037

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: 2014-01-18 21:55
Updated: 2018-12-06 20:53

CVSS Score: 2.6 / 10

Affected products

| Vendor | Product | Version | URI |
|---|---|---|---|
| Httplib2 Project | Httplib2 | 0.8 | `cpe:/a:httplib2_project:httplib2:0.8` |
| Canonical | Ubuntu Linux | 13.04 | `cpe:/o:canonical:ubuntu_linux:13.04` |
| Canonical | Ubuntu Linux | 12.10 | `cpe:/o:canonical:ubuntu_linux:12.10` |
| Httplib2 Project | Httplib2 | 0.7.2 | `cpe:/a:httplib2_project:httplib2:0.7.2` |
| Canonical | Ubuntu Linux | 10.04 | `cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~` |
| Canonical | Ubuntu Linux | 12.04 | `cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~` |

  1. Httplib2 Project (1)
    1. Httplib2 (2)
      1. 0.8
      2. 0.7.2
  2. Canonical (1)
    1. Ubuntu Linux (4)
      1. 13.04
      2. 12.10
      3. 10.04
      4. 12.04

CWE

| ID | Name | Description | Links |
|---|---|---|---|
| CWE-20 | Improper Input Validation | The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. | CVE |

History of changes

| Date | Event |
|---|---|
| 2018-12-06 20:53 | |
| 2014-01-18 21:55 | New CVE |