Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2073

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-2073
Last Modified 02 May 2014 10:49:01
Published 01 May 2014 09:59:22
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2073

Summary

Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.

Vulnerable Systems

Application

  • Transifex 0.1

  • Transifex 0.2

  • Transifex 0.3

  • Transifex 0.4

  • Transifex 0.5

  • Transifex 0.6

  • Transifex 0.7

  • Transifex 0.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=952194

MLIST - [oss-security] 20130522 CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)

CONFIRM - http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-has-been-released


Last Updated: 27 May 2016 11:05:10