1 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. La X509Extension en pyOpenSSL ante de 0.13.1 no maneja apropiadamente el carácter "\0" en el nombre de dominio en el campo Subject Alternative Name de un certificado X.509 que permite a atacantes man-in-the-middle suplantar servidores SSL a través de un un certificado manipulado emitido por una autoridad de certificación legítima • http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html http://www.debian.org/security/2013/dsa-2763 http://www.openwall.com/lists/oss-security/2013/09/06/2 http://www.ubuntu.com/usn/USN-1965-1 https://bugzilla.redhat.com/show_bug.cgi?id=1005325 https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html • CWE-20: Improper Input Validation •