{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-21T21:06:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1582", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1582.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"}, {"name": "openSUSE-SU-2013:1463", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html"}, {"name": "openSUSE-SU-2013:1440", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html"}, {"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"}, {"name": "DSA-2880", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2880"}, {"name": "USN-1982-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1982-1"}, {"name": "openSUSE-SU-2013:1437", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html"}, {"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Dec/23"}, {"name": "openSUSE-SU-2013:1462", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html"}, {"name": "openSUSE-SU-2013:1438", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.python.org/issue18709"}, {"name": "openSUSE-SU-2013:1439", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.666Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1582", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1582.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"}, {"name": "openSUSE-SU-2013:1463", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html"}, {"name": "openSUSE-SU-2013:1440", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html"}, {"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"}, {"name": "DSA-2880", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2880"}, {"name": "USN-1982-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1982-1"}, {"name": "openSUSE-SU-2013:1437", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html"}, {"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Dec/23"}, {"name": "openSUSE-SU-2013:1462", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html"}, {"name": "openSUSE-SU-2013:1438", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.python.org/issue18709"}, {"name": "openSUSE-SU-2013:1439", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4238", "datePublished": "2013-08-18T01:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "244740D0-CACA-4607-964C-F0F46153653D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA3487C5-05AD-4553-B123-45F0A51BBA3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "486AB201-5BE7-4947-B18B-DA8F86E5D626", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E852D2C6-D744-4311-97B3-CAEF073D6585", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "845FBD14-4175-49F1-B762-4F550CEF5B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "84E7646B-BC7C-4ED6-925B-268291F31610", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CD6B328-E333-48C3-B2CC-41EC95321B7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "9C22EAA6-B771-46C3-A0B8-E342493E1F77", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*", "matchCriteriaId": "3BAEB1E3-E3E6-4807-A2FF-ACD2F4356E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*", "matchCriteriaId": "92FF153A-69D5-444F-8FB3-78BF1C33F209", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CE2063E-5B74-4731-885F-80D2D7B15604", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC647F82-9679-4B26-AFF1-1B43B0AF18B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "046BCC55-F166-4C31-AB2B-815A0DFA2BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A3CABCB-9FA8-4B13-8CF1-AA89B9E9B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*", "matchCriteriaId": "0D00809F-8D47-428E-9347-2BF36A61901A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*", "matchCriteriaId": "14EF3E9D-8F0D-40C4-A171-866D091CB531", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*", "matchCriteriaId": "CC94B908-E405-4BD2-BE36-2BB90238F7EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C702F-59E0-40AB-BA95-8F0803AB0550", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3190C547-7230-476C-A43F-641FE7B891EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "74AC7EE5-F01D-4F28-80D1-4076B7B24BA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B547525-E0DB-4D64-8ED1-AF3F1B6FF65F", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "19064C18-1CD7-4F10-8065-4B900BB31F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1997CB6-FD72-4B13-915A-7500AA06F4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "06A1811C-4E97-4226-8335-ADF0827A03B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BF2C50D1-187B-4E98-BA02-008D0ED4C220", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*", "matchCriteriaId": "9EB9683A-EE1C-4EB6-BF27-39A274B37D3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "87845E79-F4A3-4390-9ACF-A14E86BCDB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E2C8F3C4-91AB-4AE3-A2FB-A093F97742FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "027FD902-9B08-4EDF-9F83-314FBF0583ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*", "matchCriteriaId": "F236E583-D23D-4769-8A25-EBFC930E4798", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DF7665B-3A10-46D1-B486-AFC9ED6C0B8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*", "matchCriteriaId": "0E2DAB9D-5D7D-40ED-8110-E3FDF7AE0729", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "B567FD3B-10F2-45DF-BC50-04316DF15113", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}, {"lang": "es", "value": "La funci\u00f3n ssl.match_hostname en el m\u00f3dulo SSL en Python v2.6 hasta v3.4 no manejar adecuadamente un car\u00e1cter \u201c\\0\u201d en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL de su elecci\u00f3n mediante un certificado manipulado expedido por una Autoridad Certificadora leg\u00edtima, un problema relacionado con CVE-2009-2408"}], "id": "CVE-2013-4238", "lastModified": "2019-10-25T11:53:59.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-18T02:52:22.943", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.python.org/issue18709"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1582.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2014/Dec/23"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2880"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1982-1"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1582", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "python-0:2.6.6-51.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1527", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor6-0:6.5-20131115.0.3.2.el6_5", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2013-11-21T00:00:00Z"}], "bugzilla": {"description": "python: hostname check bypassing vulnerability in SSL module", "id": "996381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996381"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."], "name": "CVE-2013-4238", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "python27-python", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "python33-python", "product_name": "Red Hat Software Collections"}], "public_date": "2013-08-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4238\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4238"], "statement": "This issue does not affect the version of python as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.", "threat_severity": "Moderate"}