QwikSec

Security Database

CVE

CWE

Training

CVE-2013-7110

Published: May 2, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)

mailing-list

x_refsource_MLIST

https://github.com/transifex/transifex-client/issues/42

x_refsource_CONFIRM

[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.