High severity · NVD Advisory · Published Aug 23, 2013 · Updated Jun 16, 2026
CVE-2013-1909
Description
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| qpid-python (PyPI) | < 0.22 | 0.22 |
Affected products
- cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:* (range: <=0.20)
- cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
References
- svn.apache.org/viewvc (nvd, Patch, WEB)
- issues.apache.org/jira/browse/QPID-4918 (nvd, Patch, WEB)
- secunia.com/advisories/53968 (nvd, Vendor Advisory)
- secunia.com/advisories/54137 (nvd, Vendor Advisory)
- github.com/advisories/GHSA-3g2p-7c6p-vj8c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-1909 (ghsa, ADVISORY)
- qpid.apache.org/releases/qpid-0.22/release-notes.html (nvd, WEB)
- rhn.redhat.com/errata/RHSA-2013-1024.html (nvd, WEB)
- github.com/apache/qpid-python/commit/7d8f51791c4949404d78f1083f465b7b4c8e954b (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/qpid-python/PYSEC-2013-25.yaml (ghsa, WEB)
- web.archive.org/web/20140722191407/http://secunia.com/advisories/53968 (ghsa, WEB)
- web.archive.org/web/20140722194233/http://secunia.com/advisories/54137 (ghsa, WEB)