9.3
CVE-2013-2100
- EPSS 0.59%
- Veröffentlicht 29.09.2014 22:55:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.667 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|