Safety vulnerability ID: 35343
The information on this page was manually curated by our Cybersecurity Intelligence Team.
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
Latest version: 3.8.0
A standard Python library that abstracts away differences among multiple cloud provider APIs. For more information and documentation, please see https://libcloud.apache.org
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
MLIST:[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.: http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
MLIST:[libcloud] 20101108 SSL certs checking: http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser
MISC:http://wiki.apache.org/incubator/LibcloudSSL: http://wiki.apache.org/incubator/LibcloudSSL
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
CONFIRM:https://issues.apache.org/jira/browse/LIBCLOUD-55: https://issues.apache.org/jira/browse/LIBCLOUD-55
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application