{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20131220 Re: CVE already assigned for 1026891?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/531"}, {"name": "[pywbem-devel] 20131216 TOCTOU issue (time of check, time of use)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/p/pywbem/mailman/message/31757312/"}, {"name": "58327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58327"}, {"name": "64544", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64544"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "SUSE-SU-2014:0580", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140580-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/p/pywbem/code/627/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039801"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.351Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20131220 Re: CVE already assigned for 1026891?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/531"}, {"name": "[pywbem-devel] 20131216 TOCTOU issue (time of check, time of use)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/p/pywbem/mailman/message/31757312/"}, {"name": "58327", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58327"}, {"name": "64544", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64544"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "SUSE-SU-2014:0580", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140580-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/p/pywbem/code/627/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039801"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6418", "datePublished": "2014-05-05T17:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pywbem_project:pywbem:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D13C636-E488-44BA-A2B2-AE750D0BDB79", "versionEndIncluding": "0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate."}, {"lang": "es", "value": "PyWBEM 0.7 y anteriores utiliza una conexi\u00f3n diferente para validar certificados X.509, lo que permite a atacantes man-in-the-middle falsificar un par a trav\u00e9s de un certificado arbitrario."}], "id": "CVE-2013-6418", "lastModified": "2016-11-28T19:09:55.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-05T17:06:04.733", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/531"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/58327"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/p/pywbem/code/627/"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/p/pywbem/mailman/message/31757312/"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/64544"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039801"}, {"source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140580-1.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "bugzilla": {"description": "pywbem: TOCTOU vulnerability in certificate validation", "id": "1039801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039801"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "cwe": "CWE-367", "details": ["PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate."], "name": "CVE-2013-6418", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pywbem", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pywbem", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-12-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6418\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6418"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}