CVE-2013-6396
OpenStack Swift Python Client 1.0-1.9.0 - Unauthenticated Man-in-the-Middle via Unverified X.509 Certificates
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): https://bugs.launchpad.net/python-swiftclient/+bug/1199783
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/02/17/7
Scores
EPSS: 0.0014
EPSS Percentile: 33.2%
Details
CWE: CWE-310
Status: published
Products (27)
openstack/swift 1.0.0
openstack/swift 1.0.1
openstack/swift 1.0.2
openstack/swift 1.1.0 (3 CPE variants)
openstack/swift 1.2.0 (3 CPE variants)
openstack/swift 1.3.0 (3 CPE variants)
openstack/swift 1.4.0
openstack/swift 1.4.1
openstack/swift 1.4.2
openstack/swift 1.4.3
... and 17 more
Published: Feb 18, 2014
Tracked Since: Feb 18, 2026