CVE-2010-4340
First published: Sun Sep 11 2011(Updated: )
libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with python's SSL module rather than directly with libcloud.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Libcloud | =0.3.1 | |
| Apache Libcloud | =0.3.0 | |
| Apache Libcloud | <=0.4.0 | |
| Apache Libcloud | =0.2.0 | |
| pip/apache-libcloud | <0.4.0 | 0.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
- http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser
- http://wiki.apache.org/incubator/LibcloudSSL
- https://issues.apache.org/jira/browse/LIBCLOUD-55
- http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E
- https://nvd.nist.gov/vuln/detail/CVE-2010-4340
- https://github.com/apache/libcloud/commit/87ee61e6ba03a43dcefea2ce180988bec066b6fd
- https://bugs.python.org/issue1589
- https://github.com/advisories/GHSA-w3j6-8j34-q43x (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2011-24.yaml
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-w3j6-8j34-q43x
- alias/CVE-2010-4340
- agent/references
- agent/severity
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/github-advisory
- agent/description
- agent/softwarecombine
- agent/trending
- vendor/apache
- canonical/apache libcloud
- version/apache libcloud/0.3.1
- version/apache libcloud/0.3.0
- version/apache libcloud/0.4.0
- version/apache libcloud/0.2.0
- package-manager/pip