Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2013-7110
Last Modified 02 May 2014 10:52:37
Published 01 May 2014 09:59:22
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7110

Summary

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

Vulnerable Systems

Application

  • Transifex 0.1

  • Transifex 0.2

  • Transifex 0.3

  • Transifex 0.4

  • Transifex 0.5

  • Transifex 0.6

  • Transifex 0.7

  • Transifex 0.8

  • Transifex 0.9


References

CONFIRM - https://github.com/transifex/transifex-client/issues/42

MLIST - [oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)

MLIST - [oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)


Last Updated: 27 May 2016 11:05:10