High severity · NVD Advisory · Published Sep 12, 2011 · Updated Apr 29, 2026
CVE-2010-4340
Description
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-libcloud (PyPI) | < 0.4.0 | 0.4.0 |
Affected products (4)
Patches (1)
87ee61e6ba03 · LIBCLOUD-55: Add warnings and a link to Python bug tracker
2 files changed · +15 −1
libcloud/base.py+8 −0 modified@@ -307,6 +307,14 @@ class ConnectionKey(object): """ A Base Connection class to derive from. """ + + # WARNING: Python's built-in SSL does not do certificate validation. As + # such, one cannot be sure of the other end of the conversation with any + # sufficient authority. If you are in a position to be exploited (i.e., on + # an untrusted network), be cautious with SSL connections. This is an issue + # with upstream Python (see http://bugs.python.org/issue1589 for details) + # and not with libcloud. + #conn_classes = (httplib.LoggingHTTPConnection, LoggingHTTPSConnection) conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
README+7 −1 modified@@ -7,4 +7,10 @@ Apache libcloud is an incubator project at the Apache Software Foundation, see <http://incubator.apache.org/libcloud> for more information. For API documentation and examples, see: - <http://incubator.apache.org/libcloud/getting-started.html> \ No newline at end of file + <http://incubator.apache.org/libcloud/getting-started.html> + +WARNING: Python's built-in SSL does not do certificate validation. As such, one +cannot be sure of the other end of the conversation with any sufficient +authority. If you are in a position to be exploited (i.e., on an untrusted +network), be cautious with SSL connections. This is an issue with upstream +Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.
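Review bot: In libcloud/base.py the new WARNING is only a source comment above conn_classes, and conn_classes still lists httplib.HTTPSConnection unchanged, so HTTPS connections behave exactly as before and a user who never opens base.py gets no signal. Suggest at least raising a runtime warning (for example through the warnings module) when the HTTPS connection class is used, and tracking real certificate validation as follow-up work, since the comment documents the gap rather than closing it.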
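Review bot: In the README hunk the warning is appended after the documentation link at the very end of the file, and its only guidance is "be cautious with SSL connections", which gives users nothing to act on. Suggest moving it under its own heading near the top and stating plainly that HTTPS connections made by libcloud are not certificate-validated; also "i.e., on an untrusted network" reads as an example and should be "e.g.".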
References (11)
- github.com/advisories/GHSA-w3j6-8j34-q43x (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2010-4340 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd, WEB)
- mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E (ghsa, WEB)
- mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser (nvd, WEB)
- wiki.apache.org/incubator/LibcloudSSL (nvd, WEB)
- bugs.python.org/issue1589 (ghsa, WEB)
- github.com/apache/libcloud/commit/87ee61e6ba03a43dcefea2ce180988bec066b6fd (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2011-24.yaml (ghsa, WEB)
- issues.apache.org/jira/browse/LIBCLOUD-55 (nvd, WEB)
- mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira%40thor%3E (nvd)