CVE-2015-2674

MEDIUM

Restkit - Improper Certificate Validation

Title source: rule

Description

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.

References (3)

[Mailing List, VDB Entry] http://www.openwall.com/lists/oss-security/2015/03/23/7

[Issue Tracking, Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=1202837

[Third Party Advisory] https://github.com/benoitc/restkit/issues/140

Scores

CVSS v3 5.9

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-295

Status published

Products (3)

restkit/restkit

n/a/n/a

pypi/restkit PyPI

Published Aug 09, 2017

Tracked Since Feb 18, 2026