5.8

CVE-2014-9365

Exploit
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version2.0
PythonPython Version2.0.1
PythonPython Version2.1
PythonPython Version2.1.1
PythonPython Version2.1.2
PythonPython Version2.1.3
PythonPython Version2.2
PythonPython Version2.2.1
PythonPython Version2.2.2
PythonPython Version2.2.3
PythonPython Version2.3.1
PythonPython Version2.3.2
PythonPython Version2.3.3
PythonPython Version2.3.4
PythonPython Version2.3.5
PythonPython Version2.3.7
PythonPython Version2.4.1
PythonPython Version2.4.2
PythonPython Version2.4.3
PythonPython Version2.4.4
PythonPython Version2.4.6
PythonPython Version2.5.1
PythonPython Version2.5.2
PythonPython Version2.5.3
PythonPython Version2.5.4
PythonPython Version2.5.6
PythonPython Version2.5.150
PythonPython Version2.6.1
PythonPython Version2.6.2
PythonPython Version2.6.3
PythonPython Version2.6.4
PythonPython Version2.6.5
PythonPython Version2.6.6
PythonPython Version2.6.7
PythonPython Version2.6.8
PythonPython Version2.6.2150
PythonPython Version2.6.6150
PythonPython Version2.7.1
PythonPython Version2.7.1 Updaterc1
PythonPython Version2.7.2 Updaterc1
PythonPython Version2.7.3
PythonPython Version2.7.4
PythonPython Version2.7.5
PythonPython Version2.7.6
PythonPython Version2.7.7
PythonPython Version2.7.8
PythonPython Version2.7.1150
PythonPython Version2.7.1150 HwPlatformx64
PythonPython Version2.7.2150
PythonPython Version3.0
PythonPython Version3.0.1
PythonPython Version3.1
PythonPython Version3.1.1
PythonPython Version3.1.2
PythonPython Version3.1.3
PythonPython Version3.1.4
PythonPython Version3.1.5
PythonPython Version3.1.2150 HwPlatformx64
PythonPython Version3.2
PythonPython Version3.2 Updatealpha
PythonPython Version3.2.0
PythonPython Version3.2.1
PythonPython Version3.2.2
PythonPython Version3.2.3
PythonPython Version3.2.4
PythonPython Version3.2.5
PythonPython Version3.2.6
PythonPython Version3.2.2150
PythonPython Version3.3
PythonPython Version3.3 Updatebeta2
PythonPython Version3.3.0
PythonPython Version3.3.1
PythonPython Version3.3.1 Updaterc1
PythonPython Version3.3.2
PythonPython Version3.3.3
PythonPython Version3.3.3 Updaterc1
PythonPython Version3.3.3 Updaterc2
PythonPython Version3.3.4
PythonPython Version3.3.4 Updaterc1
PythonPython Version3.3.5 Update-
PythonPython Version3.3.5 Updaterc1
PythonPython Version3.3.5 Updaterc2
PythonPython Version3.3.6 Updaterc1
PythonPython Version3.4 Updatealpha1
PythonPython Version3.4.0
PythonPython Version3.4.1
PythonPython Version3.4.2
ApplemacOS X Version <= 10.10.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.27% 0.868
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://access.redhat.com/errata/RHSA-2016:1166
https://security.gentoo.org/glsa/201503-10
http://bugs.python.org/issue22417
Exploit
http://www.openwall.com/lists/oss-security/2014/12/11/1
http://www.securityfocus.com/bid/71639
https://access.redhat.com/errata/RHSA-2017:1162
https://access.redhat.com/errata/RHSA-2017:1868
https://www.python.org/dev/peps/pep-0476/
Vendor Advisory
Exploit
https://www.python.org/downloads/release/python-279/