Safety vulnerability ID: 25628
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Latest version: 3.8.0
A standard Python library that abstracts away differences among multiple cloud provider APIs. For more information and documentation, please see https://libcloud.apache.org
-----------------------------------
General
~~~~~~~
- Fix hostname validation in the SSL verification code (CVE-2012-3446).
Reported by researchers from the University of Texas at Austin (Martin
Georgiev, Suman Jana and Vitaly Shmatikov).
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application