{"id":"PYSEC-2014-94","details":"PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","aliases":["CVE-2013-6444","GHSA-gh2c-6m38-c78j"],"modified":"2024-04-29T16:41:31.488451Z","published":"2014-05-05T17:06:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1044246"},{"type":"WEB","url":"http://seclists.org/oss-sec/2013/q4/524"},{"type":"WEB","url":"http://sourceforge.net/p/pywbem/mailman/message/31757312/"},{"type":"WEB","url":"http://sourceforge.net/p/pywbem/code/627/"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/64544"}],"affected":[{"package":{"name":"pywbem","ecosystem":"PyPI","purl":"pkg:pypi/pywbem"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.1"}]}],"versions":["0.7.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pywbem/PYSEC-2014-94.yaml"}}],"schema_version":"1.7.3"}