CVE-2013-2099

medium
Description

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

References

http://bugs.python.org/issue17980

http://rhn.redhat.com/errata/RHSA-2014-1690.html

http://secunia.com/advisories/55107

http://secunia.com/advisories/55116

http://www.openwall.com/lists/oss-security/2013/05/16/6

http://www.ubuntu.com/usn/USN-1983-1

http://www.ubuntu.com/usn/USN-1984-1

http://www.ubuntu.com/usn/USN-1985-1

https://access.redhat.com/errata/RHSA-2016:1166

https://bugzilla.redhat.com/show_bug.cgi?id=963260

Details

Source: MITRE

Published: 2013-10-09

Updated: 2016-06-09

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
103429 | Debian DLA-1107-1 : bzr security update | Nessus | Debian Local Security Checks | high
89544 | Fedora 22 : python-pymongo-2.5.2-8.fc22 (2016-52b294538d) | Nessus | Fedora Local Security Checks | medium
89540 | Fedora 23 : python-pymongo-2.5.2-8.fc23 (2016-50abc3e885) | Nessus | Fedora Local Security Checks | medium
83272 | Amazon Linux AMI : python-tornado (ALAS-2015-521) | Nessus | Amazon Linux Local Security Checks | medium
80506 | RHEL 6 : cloud-init (RHSA-2015:0042) | Nessus | Red Hat Local Security Checks | medium
80134 | Fedora 19 : python-tornado-2.2.1-7.fc19 (2014-16477) | Nessus | Fedora Local Security Checks | medium
80061 | Fedora 20 : python-tornado-2.2.1-7.fc20 (2014-16390) | Nessus | Fedora Local Security Checks | medium
77431 | openSUSE Security Update : python3 (openSUSE-SU-2014:1070-1) | Nessus | SuSE Local Security Checks | critical
71811 | GLSA-201401-04 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
70269 | Ubuntu 12.10 / 13.04 : python3.3 vulnerabilities (USN-1985-1) | Nessus | Ubuntu Local Security Checks | medium
70268 | Ubuntu 12.04 LTS / 12.10 : python3.2 vulnerabilities (USN-1984-1) | Nessus | Ubuntu Local Security Checks | medium
70267 | Ubuntu 12.04 LTS / 12.10 / 13.04 : python2.7 vulnerabilities (USN-1983-1) | Nessus | Ubuntu Local Security Checks | medium
69842 | Mandriva Linux Security Advisory : bzr (MDVSA-2013:229) | Nessus | Mandriva Local Security Checks | medium
69064 | Fedora 19 : python-pip-1.3.1-4.fc19 (2013-13216) | Nessus | Fedora Local Security Checks | medium
69063 | Fedora 17 : python-pip-1.3.1-4.fc17 (2013-13213) | Nessus | Fedora Local Security Checks | medium
69062 | Fedora 18 : python-pip-1.3.1-4.fc18 (2013-13140) | Nessus | Fedora Local Security Checks | medium
68887 | Fedora 17 : zeroinstall-injector-2.3-1.fc17 (2013-12421) | Nessus | Fedora Local Security Checks | medium
68886 | Fedora 19 : zeroinstall-injector-2.3-1.fc19 (2013-12414) | Nessus | Fedora Local Security Checks | medium
68884 | Fedora 18 : zeroinstall-injector-2.3-1.fc18 (2013-12396) | Nessus | Fedora Local Security Checks | medium
67371 | Fedora 17 : bzr-2.5.1-11.fc17 (2013-9628) | Nessus | Fedora Local Security Checks | medium
67369 | Fedora 18 : bzr-2.5.1-11.fc18 (2013-9620) | Nessus | Fedora Local Security Checks | medium
67366 | Fedora 19 : bzr-2.5.1-11.fc19 (2013-9538) | Nessus | Fedora Local Security Checks | medium