Vulnerabilities

CVE-2013-1909

by Fred · 23/08/2013

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Date published : 2013-08-23

http://qpid.apache.org/releases/qpid-0.22/release-notes.html

http://svn.apache.org/viewvc?view=revision&revision=1460013

Similar

Tags: Cybersecurity Alert