Red Hat Customer Portal

CVE-2013-2099

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.

Details Source

Red Hat

Statement

Not vulnerable. This issue did not affect the versions of Python as shipped with Red Hat Enterprise Linux 5 and 6, as the SSL module there did not yet implement the match_hostname() routine.

Public Date

2013-05-15 00:00:00

Impact

Low

Bugzilla

CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

Bugzilla ID

963260

CVSS Status

verified

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Florian Weimer (Red Hat Product Security).

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 5 (glusterfs) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) (python27-python-pymongo) | RHSA-2016:1166 | 2016-05-31 |
| Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) (python27-python-pymongo) | RHSA-2016:1166 | 2016-05-31 |
| Red Hat Storage Console 2.1 | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Storage Server 2.1 (python-backports-ssl_match_hostname) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 6 (glusterfs) | RHSA-2014:1263 | 2014-09-18 |
| Red Hat Enterprise Linux OpenStack Platform 4.0 (python-backports-ssl_match_hostname) | RHSA-2014:1690 | 2014-10-22 |
| Red Hat Common for Red Hat Enterprise Linux 6 (python-backports-ssl_match_hostname) | RHSA-2015:0042 | 2015-01-13 |

CWE

CWE-407

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Subscription Asset Manager 1 | pymongo | Not affected |
| Red Hat Satellite 6 | python-pymongo | Affected |
| Red Hat Satellite 6 | python-backports-ssl_match_hostname | Affected |
| Red Hat OpenShift Enterprise 2 | python-pymongo | Affected |
| Red Hat Enterprise MRG 2 | pymongo | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | python-pymongo | Affected |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | python-pymongo | Affected |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | python-pymongo | Affected |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | python-backports-ssl_match_hostname | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | python-pymongo | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | python-backports-ssl_match_hostname | Will not fix |
| Red Hat Enterprise Linux 7 | python | Not affected |
| Red Hat Enterprise Linux 7 | python-tornado | Not affected |
| Red Hat Enterprise Linux 7 | bzr | Fix deferred |
| Red Hat Enterprise Linux 6 | python | Not affected |
| Red Hat Enterprise Linux 6 | bzr | Not affected |
| Red Hat Enterprise Linux 5 | python | Not affected |