5.8

CVE-2014-9365

Exploit

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Data is provided by the National Vulnerability Database (NVD)
Python Python Version 2.0
Python Python Version 2.0.1
Python Python Version 2.1
Python Python Version 2.1.1
Python Python Version 2.1.2
Python Python Version 2.1.3
Python Python Version 2.2
Python Python Version 2.2.1
Python Python Version 2.2.2
Python Python Version 2.2.3
Python Python Version 2.3.1
Python Python Version 2.3.2
Python Python Version 2.3.3
Python Python Version 2.3.4
Python Python Version 2.3.5
Python Python Version 2.3.7
Python Python Version 2.4.1
Python Python Version 2.4.2
Python Python Version 2.4.3
Python Python Version 2.4.4
Python Python Version 2.4.6
Python Python Version 2.5.1
Python Python Version 2.5.2
Python Python Version 2.5.3
Python Python Version 2.5.4
Python Python Version 2.5.6
Python Python Version 2.5.150
Python Python Version 2.6.1
Python Python Version 2.6.2
Python Python Version 2.6.3
Python Python Version 2.6.4
Python Python Version 2.6.5
Python Python Version 2.6.6
Python Python Version 2.6.7
Python Python Version 2.6.8
Python Python Version 2.6.2150
Python Python Version 2.6.6150
Python Python Version 2.7.1
Python Python Version 2.7.1 Update rc1
Python Python Version 2.7.2 Update rc1
Python Python Version 2.7.3
Python Python Version 2.7.4
Python Python Version 2.7.5
Python Python Version 2.7.6
Python Python Version 2.7.7
Python Python Version 2.7.8
Python Python Version 2.7.1150
Python Python Version 2.7.1150 HwPlatform x64
Python Python Version 2.7.2150
Python Python Version 3.0
Python Python Version 3.0.1
Python Python Version 3.1
Python Python Version 3.1.1
Python Python Version 3.1.2
Python Python Version 3.1.3
Python Python Version 3.1.4
Python Python Version 3.1.5
Python Python Version 3.1.2150 HwPlatform x64
Python Python Version 3.2
Python Python Version 3.2 Update alpha
Python Python Version 3.2.0
Python Python Version 3.2.1
Python Python Version 3.2.2
Python Python Version 3.2.3
Python Python Version 3.2.4
Python Python Version 3.2.5
Python Python Version 3.2.6
Python Python Version 3.2.2150
Python Python Version 3.3
Python Python Version 3.3 Update beta2
Python Python Version 3.3.0
Python Python Version 3.3.1
Python Python Version 3.3.1 Update rc1
Python Python Version 3.3.2
Python Python Version 3.3.3
Python Python Version 3.3.3 Update rc1
Python Python Version 3.3.3 Update rc2
Python Python Version 3.3.4
Python Python Version 3.3.4 Update rc1
Python Python Version 3.3.5 Update -
Python Python Version 3.3.5 Update rc1
Python Python Version 3.3.5 Update rc2
Python Python Version 3.3.6 Update rc1
Python Python Version 3.4 Update alpha1
Python Python Version 3.4.0
Python Python Version 3.4.1
Python Python Version 3.4.2
Apple macOS X Version <= 10.10.4
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 2.04% 0.832
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.8 8.6 4.9 AV:N/AC:M/Au:N/C:P/I:P/A:N