CVE-2013-7440 - Vulnerability Details

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Python	Python
Redhat	Rhel Software Collections Satellite Satellite Capsule

Configuration 1 [-]

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:python:python:3.0:::::::*
	cpe:2.3:a:python:python:3.0.1:::::::*
	cpe:2.3:a:python:python:3.1:::::::*
	cpe:2.3:a:python:python:3.1.1:::::::*
	cpe:2.3:a:python:python:3.1.2:::::::*
	cpe:2.3:a:python:python:3.1.3:::::::*
	cpe:2.3:a:python:python:3.1.4:::::::*
	cpe:2.3:a:python:python:3.1.5:::::::*
	cpe:2.3:a:python:python:3.1.2150::::::x64:
	cpe:2.3:a:python:python:3.2:::::::*
	cpe:2.3:a:python:python:3.2:alpha::::::
	cpe:2.3:a:python:python:3.2.0:::::::*
	cpe:2.3:a:python:python:3.2.1:::::::*
	cpe:2.3:a:python:python:3.2.2:::::::*
	cpe:2.3:a:python:python:3.2.3:::::::*
	cpe:2.3:a:python:python:3.2.4:::::::*
	cpe:2.3:a:python:python:3.2.5:::::::*
	cpe:2.3:a:python:python:3.2.6:::::::*
	cpe:2.3:a:python:python:3.2.2150:::::::*
	cpe:2.3:a:python:python:3.3:::::::*
	cpe:2.3:a:python:python:3.3:beta2::::::
	cpe:2.3:a:python:python:3.3.0:::::::*
	cpe:2.3:a:python:python:3.3.1:::::::*
	cpe:2.3:a:python:python:3.3.1:rc1::::::
	cpe:2.3:a:python:python:3.3.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.0
python-httplib2-0:0.7.2-1.el6	cpe:/a:redhat:satellite:6.0::el6	RHEA-2014:1175	2014-09-10T00:00:00Z
python-httplib2-0:0.7.2-1.el6	cpe:/a:redhat:satellite_capsule:6.0::el6	RHEA-2014:1175	2014-09-10T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6
python27-0:1.1-25.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-16.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-docutils-0:0.11-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-3.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
python27-0:1.1-25.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-16.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-docutils-0:0.11-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-3.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
python27-0:1.1-25.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-16.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-docutils-0:0.11-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-3.el6	cpe:/a:redhat:rhel_software_collections:2::el6	RHSA-2016:1166	2016-05-31T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
python27-0:1.1-25.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-4.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
python27-0:1.1-25.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-4.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
python27-0:1.1-25.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-numpy-1:1.7.1-10.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-0:2.7.8-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pip-0:7.1.0-2.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-pymongo-0:3.2.1-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-python-virtualenv-0:13.1.0-1.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-PyYAML-0:3.10-14.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z
python27-scipy-0:0.12.1-4.el7	cpe:/a:redhat:rhel_software_collections:2::el7	RHSA-2016:1166	2016-05-31T00:00:00Z

References

Link	Providers
http://seclists.org/oss-sec/2015/q2/483
http://seclists.org/oss-sec/2015/q2/523
http://www.securityfocus.com/bid/74707
https://access.redhat.com/errata/RHSA-2016:1166
https://bugs.python.org/issue17997
https://bugzilla.redhat.com/show_bug.cgi?id=1224999
https://hg.python.org/cpython/rev/10d0edadbcdd
https://nvd.nist.gov/vuln/detail/CVE-2013-7440
https://www.cve.org/CVERecord?id=CVE-2013-7440

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-07T18:00:00

Updated: 2024-08-06T18:09:16.919Z

Reserved: 2015-05-19T00:00:00

Link: CVE-2013-7440

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-06-07T18:59:00.120

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-7440

Redhat

Severity : Low

Publid Date: 2013-08-12T00:00:00Z

Links: CVE-2013-7440 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2015/q2/483"}, {"name": "RHSA-2016:1166", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1166"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hg.python.org/cpython/rev/10d0edadbcdd"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.python.org/issue17997"}, {"name": "74707", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74707"}, {"name": "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2015/q2/523"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-7440", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q2/483"}, {"name": "RHSA-2016:1166", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1166"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, {"name": "https://hg.python.org/cpython/rev/10d0edadbcdd", "refsource": "CONFIRM", "url": "https://hg.python.org/cpython/rev/10d0edadbcdd"}, {"name": "https://bugs.python.org/issue17997", "refsource": "CONFIRM", "url": "https://bugs.python.org/issue17997"}, {"name": "74707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74707"}, {"name": "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q2/523"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.919Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2015/q2/483"}, {"name": "RHSA-2016:1166", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1166"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hg.python.org/cpython/rev/10d0edadbcdd"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.python.org/issue17997"}, {"name": "74707", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74707"}, {"name": "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2015/q2/523"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7440", "datePublished": "2016-06-07T18:00:00", "dateReserved": "2015-05-19T00:00:00", "dateUpdated": "2024-08-06T18:09:16.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9D10FF2-EEA1-4CEF-B1C5-158E40E59463", "versionEndIncluding": "2.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C702F-59E0-40AB-BA95-8F0803AB0550", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3190C547-7230-476C-A43F-641FE7B891EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "74AC7EE5-F01D-4F28-80D1-4076B7B24BA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B547525-E0DB-4D64-8ED1-AF3F1B6FF65F", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "19064C18-1CD7-4F10-8065-4B900BB31F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1997CB6-FD72-4B13-915A-7500AA06F4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "06A1811C-4E97-4226-8335-ADF0827A03B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BF2C50D1-187B-4E98-BA02-008D0ED4C220", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*", "matchCriteriaId": "9EB9683A-EE1C-4EB6-BF27-39A274B37D3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "87845E79-F4A3-4390-9ACF-A14E86BCDB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E2C8F3C4-91AB-4AE3-A2FB-A093F97742FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B511BDFA-D1DC-4E50-9A08-66DA05947A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0708E98D-5C84-47DC-89E5-8BB7CFFB12A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6595C4F3-5683-4889-AD30-83840F6A58D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "027FD902-9B08-4EDF-9F83-314FBF0583ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "89FB9D30-8559-4F57-9D20-DC603765B346", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "957FCB4A-32D0-4449-8995-80144CC713B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C17A0E8D-7611-42F7-896E-F2B3BC25643D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*", "matchCriteriaId": "F236E583-D23D-4769-8A25-EBFC930E4798", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DF7665B-3A10-46D1-B486-AFC9ED6C0B8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*", "matchCriteriaId": "0E2DAB9D-5D7D-40ED-8110-E3FDF7AE0729", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "875ABC97-2783-41DA-AB9F-9E6F0870B74C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5262D28D-204C-41E8-BC4D-27372E366295", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D553F40-92C2-4537-AF74-5F9307E20AE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "121225D0-C5DA-4F26-93B8-3D56BC1D38B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate."}, {"lang": "es", "value": "La funci\u00f3n ssl.match_hostname en CPython (tambi\u00e9n concida como Python) en versiones anteriores a 2.7.9 y 3.x en versiones anteriores a 3.3.3 no maneja correctamente comodines en los nombres de host, lo que podr\u00eda permitir a atacantes man-in-the-middle suplantar servidores a trav\u00e9s de un certificado manipulado."}], "id": "CVE-2013-7440", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-07T18:59:00.120", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2015/q2/483"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2015/q2/523"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74707"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:1166"}, {"source": "secalert@redhat.com", "url": "https://bugs.python.org/issue17997"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, {"source": "secalert@redhat.com", "url": "https://hg.python.org/cpython/rev/10d0edadbcdd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2015/q2/483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2015/q2/523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1166"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.python.org/issue17997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hg.python.org/cpython/rev/10d0edadbcdd"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHEA-2014:1175", "cpe": "cpe:/a:redhat:satellite:6.0::el6", "package": "python-httplib2-0:0.7.2-1.el6", "product_name": "Red Hat Satellite 6.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHEA-2014:1175", "cpe": "cpe:/a:redhat:satellite_capsule:6.0::el6", "package": "python-httplib2-0:0.7.2-1.el6", "product_name": "Red Hat Satellite 6.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-0:1.1-25.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-numpy-1:1.7.1-10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-16.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-docutils-0:0.11-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pip-0:7.1.0-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pymongo-0:3.2.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-virtualenv-0:13.1.0-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-PyYAML-0:3.10-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-scipy-0:0.12.1-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-0:1.1-25.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-numpy-1:1.7.1-10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-16.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-docutils-0:0.11-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pip-0:7.1.0-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pymongo-0:3.2.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-virtualenv-0:13.1.0-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-PyYAML-0:3.10-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-scipy-0:0.12.1-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-0:1.1-25.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-numpy-1:1.7.1-10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-16.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-docutils-0:0.11-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pip-0:7.1.0-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-pymongo-0:3.2.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-virtualenv-0:13.1.0-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-PyYAML-0:3.10-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-scipy-0:0.12.1-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-0:1.1-25.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-numpy-1:1.7.1-10.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pip-0:7.1.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pymongo-0:3.2.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-virtualenv-0:13.1.0-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-PyYAML-0:3.10-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-scipy-0:0.12.1-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-0:1.1-25.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-numpy-1:1.7.1-10.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pip-0:7.1.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pymongo-0:3.2.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-virtualenv-0:13.1.0-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-PyYAML-0:3.10-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-scipy-0:0.12.1-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-0:1.1-25.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-numpy-1:1.7.1-10.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pip-0:7.1.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-pymongo-0:3.2.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-virtualenv-0:13.1.0-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-PyYAML-0:3.10-14.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}, {"advisory": "RHSA-2016:1166", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-scipy-0:0.12.1-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-05-31T00:00:00Z"}], "bugzilla": {"description": "python: wildcard matching rules do not follow RFC 6125", "id": "1224999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.", "Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations."], "name": "CVE-2013-7440", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:1.1", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Ceph Storage 1.1"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.2", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Ceph Storage 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "python-setuptools", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bzr", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python-setuptools", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "bzr", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python-setuptools", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-virtualenv", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Fix deferred", "package_name": "python-pymongo", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "python-pip", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Fix deferred", "package_name": "python-pymongo", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Fix deferred", "package_name": "python-pymongo", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "pymongo", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "python27-python-pip", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "python-pymongo", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "python-virtualenv", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "python-pymongo", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "python-requests", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "python27-python-setuptools", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "python33-python", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "python33-python-pymongo", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "python33-python-setuptools", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "python33-python-virtualenv", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-python34-python", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-python34-python-pip", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-python34-python-pymongo", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-python34-python-setuptools", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-python34-python-virtualenv", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Storage 2.1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "python-backports-ssl_match_hostname", "product_name": "Red Hat Storage 3.0"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "pymongo", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Not affected", "package_name": "pymongo", "product_name": "RHUI for RHEL 6"}], "public_date": "2013-08-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7440\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7440"], "statement": "This issue affects the versions of python27-python-pip, python-pymongo and python-virtualenv as shipped with Red Hat OpenShift 2.x and Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object