N/A
CVE-2013-4238
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
EPSS
1.4%
percentile 80.5%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:3.4:alpha1:*:*:*:*:*:* |