PYSEC-2014-94

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pywbem/PYSEC-2014-94.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-94
Aliases
Published
2014-05-05T17:06:00Z
Modified
2024-04-29T16:41:31.488451Z
Summary
[none]
Details

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

Affected packages

PyPI / pywbem

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.1

Affected versions

0.*

0.7.0