What is the severity of CVE-2014-9365?

CVE-2014-9365 is considered a moderate severity vulnerability due to its potential to allow man-in-the-middle attacks.

How do I fix CVE-2014-9365?

To fix CVE-2014-9365, upgrade Python to version 2.7.9 or 3.4.3 or later.

Which Python versions are affected by CVE-2014-9365?

CVE-2014-9365 affects Python versions 2.x before 2.7.9 and 3.x before 3.4.3.

What is the impact of CVE-2014-9365?

The impact of CVE-2014-9365 is that HTTPS connections may be insecure, as certificate validation is not performed.

Is there a workaround for CVE-2014-9365?

There is no recommended workaround for CVE-2014-9365 other than upgrading to a secure version of Python.

Vulnerability/
CVE-2014-9365

medium

5.8

11/12/2014

12/12/2014

6/8/2024

CVE-2014-9365

First published: Thu Dec 11 2014(Updated: )

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/Python	<2.7.9	2.7.9
redhat/Python	<3.4.3	3.4.3
Python Programming Language	=2.0
Python Programming Language	=2.0.1
Python Programming Language	=2.1
Python Programming Language	=2.1.1
Python Programming Language	=2.1.2
Python Programming Language	=2.1.3
Python Programming Language	=2.2
Python Programming Language	=2.2.1
Python Programming Language	=2.2.2
Python Programming Language	=2.2.3
Python Programming Language	=2.3.1
Python Programming Language	=2.3.2
Python Programming Language	=2.3.3
Python Programming Language	=2.3.4
Python Programming Language	=2.3.5
Python Programming Language	=2.3.7
Python Programming Language	=2.4.1
Python Programming Language	=2.4.2
Python Programming Language	=2.4.3
Python Programming Language	=2.4.4
Python Programming Language	=2.4.6
Python Programming Language	=2.5.1
Python Programming Language	=2.5.2
Python Programming Language	=2.5.3
Python Programming Language	=2.5.4
Python Programming Language	=2.5.6
Python Programming Language	=2.5.150
Python Programming Language	=2.6.1
Python Programming Language	=2.6.2
Python Programming Language	=2.6.3
Python Programming Language	=2.6.4
Python Programming Language	=2.6.5
Python Programming Language	=2.6.6
Python Programming Language	=2.6.7
Python Programming Language	=2.6.8
Python Programming Language	=2.6.2150
Python Programming Language	=2.6.6150
Python Programming Language	=2.7.1
Python Programming Language	=2.7.1-rc1
Python Programming Language	=2.7.2-rc1
Python Programming Language	=2.7.3
Python Programming Language	=2.7.4
Python Programming Language	=2.7.5
Python Programming Language	=2.7.6
Python Programming Language	=2.7.7
Python Programming Language	=2.7.8
Python Programming Language	=2.7.1150
Python Programming Language	=2.7.1150
Python Programming Language	=2.7.2150
Python Programming Language	=3.0
Python Programming Language	=3.0.1
Python Programming Language	=3.1
Python Programming Language	=3.1.1
Python Programming Language	=3.1.2
Python Programming Language	=3.1.3
Python Programming Language	=3.1.4
Python Programming Language	=3.1.5
Python Programming Language	=3.1.2150
Python Programming Language	=3.2
Python Programming Language	=3.2-alpha
Python Programming Language	=3.2.0
Python Programming Language	=3.2.1
Python Programming Language	=3.2.2
Python Programming Language	=3.2.3
Python Programming Language	=3.2.4
Python Programming Language	=3.2.5
Python Programming Language	=3.2.6
Python Programming Language	=3.2.2150
Python Programming Language	=3.3
Python Programming Language	=3.3-beta2
Python Programming Language	=3.3.0
Python Programming Language	=3.3.1
Python Programming Language	=3.3.1-rc1
Python Programming Language	=3.3.2
Python Programming Language	=3.3.3
Python Programming Language	=3.3.3-rc1
Python Programming Language	=3.3.3-rc2
Python Programming Language	=3.3.4
Python Programming Language	=3.3.4-rc1
Python Programming Language	=3.3.5
Python Programming Language	=3.3.5-rc1
Python Programming Language	=3.3.5-rc2
Python Programming Language	=3.3.6-rc1
Python Programming Language	=3.4-alpha1
Python Programming Language	=3.4.0
Python Programming Language	=3.4.1
Python Programming Language	=3.4.2
macOS Yosemite	<=10.10.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9365?
CVE-2014-9365 is considered a moderate severity vulnerability due to its potential to allow man-in-the-middle attacks.
How do I fix CVE-2014-9365?
To fix CVE-2014-9365, upgrade Python to version 2.7.9 or 3.4.3 or later.
Which Python versions are affected by CVE-2014-9365?
CVE-2014-9365 affects Python versions 2.x before 2.7.9 and 3.x before 3.4.3.
What is the impact of CVE-2014-9365?
The impact of CVE-2014-9365 is that HTTPS connections may be insecure, as certificate validation is not performed.
Is there a workaround for CVE-2014-9365?
There is no recommended workaround for CVE-2014-9365 other than upgrading to a secure version of Python.

agent/type
agent/first-publish-date
agent/references
agent/severity
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-9365
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
package-manager/redhat
vendor/python
canonical/python programming language
version/python programming language/2.0
version/python programming language/2.0.1
version/python programming language/2.1
version/python programming language/2.1.1
version/python programming language/2.1.2
version/python programming language/2.1.3
version/python programming language/2.2
version/python programming language/2.2.1
version/python programming language/2.2.2
version/python programming language/2.2.3
version/python programming language/2.3.1
version/python programming language/2.3.2
version/python programming language/2.3.3
version/python programming language/2.3.4
version/python programming language/2.3.5
version/python programming language/2.3.7
version/python programming language/2.4.1
version/python programming language/2.4.2
version/python programming language/2.4.3
version/python programming language/2.4.4
version/python programming language/2.4.6
version/python programming language/2.5.1
version/python programming language/2.5.2
version/python programming language/2.5.3
version/python programming language/2.5.4
version/python programming language/2.5.6
version/python programming language/2.5.150
version/python programming language/2.6.1
version/python programming language/2.6.2
version/python programming language/2.6.3
version/python programming language/2.6.4
version/python programming language/2.6.5
version/python programming language/2.6.6
version/python programming language/2.6.7
version/python programming language/2.6.8
version/python programming language/2.6.2150
version/python programming language/2.6.6150
version/python programming language/2.7.1
version/python programming language/2.7.1-rc1
version/python programming language/2.7.2-rc1
version/python programming language/2.7.3
version/python programming language/2.7.4
version/python programming language/2.7.5
version/python programming language/2.7.6
version/python programming language/2.7.7
version/python programming language/2.7.8
version/python programming language/2.7.1150
version/python programming language/2.7.2150
version/python programming language/3.0
version/python programming language/3.0.1
version/python programming language/3.1
version/python programming language/3.1.1
version/python programming language/3.1.2
version/python programming language/3.1.3
version/python programming language/3.1.4
version/python programming language/3.1.5
version/python programming language/3.1.2150
version/python programming language/3.2
version/python programming language/3.2-alpha
version/python programming language/3.2.0
version/python programming language/3.2.1
version/python programming language/3.2.2
version/python programming language/3.2.3
version/python programming language/3.2.4
version/python programming language/3.2.5
version/python programming language/3.2.6
version/python programming language/3.2.2150
version/python programming language/3.3
version/python programming language/3.3-beta2
version/python programming language/3.3.0
version/python programming language/3.3.1
version/python programming language/3.3.1-rc1
version/python programming language/3.3.2
version/python programming language/3.3.3
version/python programming language/3.3.3-rc1
version/python programming language/3.3.3-rc2
version/python programming language/3.3.4
version/python programming language/3.3.4-rc1
version/python programming language/3.3.5
version/python programming language/3.3.5-rc1
version/python programming language/3.3.5-rc2
version/python programming language/3.3.6-rc1
version/python programming language/3.4-alpha1
version/python programming language/3.4.0
version/python programming language/3.4.1
version/python programming language/3.4.2
vendor/apple
canonical/macos yosemite
version/macos yosemite/10.10.4

CVE-2014-9365

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9365?

How do I fix CVE-2014-9365?

Which Python versions are affected by CVE-2014-9365?

What is the impact of CVE-2014-9365?

Is there a workaround for CVE-2014-9365?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-9365?

How do I fix CVE-2014-9365?

Which Python versions are affected by CVE-2014-9365?

What is the impact of CVE-2014-9365?

Is there a workaround for CVE-2014-9365?