QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4111

Published: Aug 28, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

https://bugs.launchpad.net/ossa/+bug/1192229

x_refsource_CONFIRM

openSUSE-SU-2013:1330

vendor-advisory

x_refsource_SUSE

https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.