CVE-2013-1909 in Red Hat and Apache Products
Published on August 23, 2013

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vendor Advisory NVD

Products Associated with CVE-2013-1909

stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Mrg or Apache Qpid. Just hit a watch button to start following.

Red Hat Enterprise Mrg

Apache Qpid

Exploit Probability

EPSS

0.81%

Percentile

73.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-1909 in Red Hat and Apache ProductsPublished on August 23, 2013

Products Associated with CVE-2013-1909

Exploit Probability

CVE-2013-1909 in Red Hat and Apache Products
Published on August 23, 2013