Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2013-6444
Last Modified 18 Jul 2014 01:51:12
Published 05 May 2014 01:06:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-6444

Summary

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Systems

Application

  • Pywbem Project Pywbem 0.7


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1044246

MLIST - [pywbem-devel] 20131216 TOCTOU issue (time of check, time of use)

CONFIRM - http://sourceforge.net/p/pywbem/code/627/

MLIST - [oss-security] 20131219 Re: CVE already assigned for 1026891?


Last Updated: 27 May 2016 11:05:10