Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Libcloud 中间人信息泄露漏洞
Vulnerability Description
Libcloud是美国阿帕奇(Apache)软件基金会的一个Python库,它为各个云供应商的专有API提供了厂商中立的接口。 Apache Libcloud 0.11.1之前版本中存在漏洞,该漏洞源于在主题的Common Name (CN)或subjectAltName字段的X.509证书中服务器主机名是否匹配域名验证期间,使用错误的正则表达式。中间人攻击者利用该漏洞通过特制的证书欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A