AZL-44784

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44784.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-44784

Upstream

CVE-2013-6444

Published

2014-05-05T17:06:04Z

Modified

2026-04-21T04:31:29.611980Z

Summary

CVE-2013-6444 affecting package pywbem 0.17.6-12

Details

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

https://nvd.nist.gov/vuln/detail/CVE-2013-6444

Affected packages

Azure Linux:3 / pywbem

Package

Name: pywbem
Purl: pkg:rpm/azure-linux/pywbem

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.17.6-12

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44784.json"