Improper input validation in Apache Qpid
CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoo…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.008 (74.6th percentile) — read the EPSS interpretation.
Affected products
- Apache Qpid — versions 0.5, 0.6, 0.7
- Redhat Enterprise_mrg — versions 2.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 53968 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- RHSA-2013:1024 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 54137 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)