CVE-2010-4340
Apache Libcloud < 0.4.1 - SSL Certificate Validation Bypass
Title source: llmDescription
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
References (5)
Core 5
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E
Third Party Advisory x_refsource_misc
http://wiki.apache.org/incubator/LibcloudSSL
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/LIBCLOUD-55
Scores
EPSS
0.0138
EPSS Percentile
69.0%
Details
CWE
CWE-264
Status
published
Products (5)
apache/libcloud
0.2.0
apache/libcloud
0.3.0
apache/libcloud
0.3.1
apache/libcloud
< 0.4.0
pypi/apache-libcloud
0 - 0.4.0PyPI
Published
Sep 12, 2011
Tracked Since
Feb 18, 2026