CVE-2013-1909

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
redhatenterprise_mrg
2.0
apacheqpid
𝑥
≤ 0.20
apacheqpid
0.5
apacheqpid
0.6
apacheqpid
0.7
apacheqpid
0.8
apacheqpid
0.9
apacheqpid
0.10
apacheqpid
0.11
apacheqpid
0.12
apacheqpid
0.13
apacheqpid
0.14
apacheqpid
0.15
apacheqpid
0.16
apacheqpid
0.17
apacheqpid
0.18
apacheqpid
0.19
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qpid-python
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
ignored
quantal
ignored
precise
ignored
lucid
dne
Common Weakness Enumeration
References
http://qpid.apache.org/releases/qpid-0.22/release-notes.html
http://rhn.redhat.com/errata/RHSA-2013-1024.html
http://secunia.com/advisories/53968
http://secunia.com/advisories/54137
http://svn.apache.org/viewvc?view=revision&revision=1460013
https://issues.apache.org/jira/browse/QPID-4918
http://qpid.apache.org/releases/qpid-0.22/release-notes.html
http://rhn.redhat.com/errata/RHSA-2013-1024.html
http://secunia.com/advisories/53968
http://secunia.com/advisories/54137
http://svn.apache.org/viewvc?view=revision&revision=1460013
https://issues.apache.org/jira/browse/QPID-4918