Home

CVE-2013-4238

Description

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Risk Information

Base Score
7.4
MODERATE
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
2.891

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Python for MAC 2.6.5Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1Mac
Multiple Vulnerabilities are affected in Python for MAC 3.2Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.1Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.4Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.6Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.7Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.1Mac
Multiple Vulnerabilities are affected in Python for MAC 3.0Mac
Multiple Vulnerabilities are affected in Python for MAC 3.0.1Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.1Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.2Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.3Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.2Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.2150Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.3Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.6150Mac
Vulnerabilities CVE-2011-4944,CVE-2013-4238,CVE-2014-1912,CVE-2014-9365 are affected in Python for MAC 2.6.8Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.1150Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.2Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.2150Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.3Mac
Vulnerabilities CVE-2011-4944,CVE-2013-4238,CVE-2014-1912,CVE-2014-9365 are affected in Python for MAC 3.1.2150Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.4Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.5Mac
Multiple Vulnerabilities are affected in Python for MAC 3.2.2150Mac
Multiple Vulnerabilities are affected in Python for MAC 3.2.3Mac
Vulnerabilities CVE-2013-4238,CVE-2013-7040,CVE-2014-1912,CVE-2014-9365 are affected in Python for MAC 3.3Mac
Vulnerabilities CVE-2013-4238,CVE-2014-1912,CVE-2014-9365 are affected in Python for MAC 3.4Mac
Vulnerabilities CVE-2013-4238,CVE-2013-7040,CVE-2014-1912,CVE-2014-9365 are affected in Python for MAC 3.3Mac
python2.7 security update(DSA-2880-1) python2.7_2.7.3-6+deb7u2_i386.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7
PATCH-611773Python for MAC 3.13.7

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234