CVE-2013-6396

EUVD-2014-0093
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
openstackswift
1.0.0
openstackswift
1.0.1
openstackswift
1.0.2
openstackswift
1.1.0
openstackswift
1.1.0:rc1
openstackswift
1.1.0:rc2
openstackswift
1.2.0
openstackswift
1.2.0:gamma1
openstackswift
1.2.0:rc1
openstackswift
1.3.0
openstackswift
1.3.0:gamma1
openstackswift
1.3.0:rc1
openstackswift
1.4.0
openstackswift
1.4.1
openstackswift
1.4.2
openstackswift
1.4.3
openstackswift
1.4.4
openstackswift
1.4.5
openstackswift
1.4.6
openstackswift
1.4.7
openstackswift
1.4.8
openstackswift
1.5.0
openstackswift
1.6.0
openstackswift
1.7.0
openstackswift
1.7.2
openstackswift
1.7.4
openstackswift
1.7.5
openstackswift
1.7.6
openstackswift
1.8.0
openstackswift
1.8.0:rc1
openstackswift
1.8.0:rc2
openstackswift
1.9.0
openstackswift
1.10.0
openstackswift
1.11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-swiftclient
bookworm
1:4.1.0-2
fixed
bullseye
1:3.10.1-2
fixed
sid
1:4.6.0-3
fixed
trixie
1:4.6.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-swiftclient
lucid
dne
precise
dne
quantal
not-affected
raring
not-affected
saucy
ignored
trusty
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/02/17/7
https://bugs.launchpad.net/python-swiftclient/+bug/1199783
http://www.openwall.com/lists/oss-security/2014/02/17/7
https://bugs.launchpad.net/python-swiftclient/+bug/1199783