CVE-2010-4340

Severity

43%

Complexity

86%

Confidentiality

48%

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Apache Software Foundation libcloud

First reported 13 years ago

2011-09-12 12:41:00

Last updated 13 years ago

2011-09-13 04:00:00

Affected Software

Apache Software Foundation libcloud 0.2.0

0.2.0

Apache Software Foundation libcloud 0.3.0

0.3.0

Apache Software Foundation libcloud 0.3.1

0.3.1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463

[libcloud] 20100929 [jira] Closed: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.

[libcloud] 20101108 SSL certs checking

http://wiki.apache.org/incubator/LibcloudSSL

https://issues.apache.org/jira/browse/LIBCLOUD-55

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.