CVE-2013-7440 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-7440 PUBLISHED

Reported by redhat · Published June 7, 2016

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Jun 7, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix mailing-listx_refsource_MLIST
RHSA-2016:1166 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
x_refsource_CONFIRM
x_refsource_CONFIRM
74707 vdb-entryx_refsource_BID
[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix mailing-listx_refsource_MLIST

Open in Interactive Console →