CVE-2012-5825 in Kronolithinfo

Summary

Tweepy does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

11/04/2012

Disclosure

11/04/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.3

EPSS

0.00147

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5825
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5825
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5825/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!