Moderate severityNVD Advisory· Published Jan 18, 2014· Updated Jun 16, 2026
CVE-2013-2037
CVE-2013-2037
Description
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
httplib2PyPI | < 0.10.1 | 0.10.1 |
Affected products
7cpe:2.3:a:httplib2_project:httplib2:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:httplib2_project:httplib2:*:*:*:*:*:*:*:*range: <=0.7.2
- cpe:2.3:a:httplib2_project:httplib2:0.8:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
12- code.google.com/p/httplib2/issues/detailnvdExploitThird Party AdvisoryWEB
- bugs.launchpad.net/httplib2/+bug/1175272nvdExploitPatchWEB
- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingMailing ListThird Party AdvisoryWEB
- seclists.org/oss-sec/2013/q2/257nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/52179nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1948-1nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-q48q-77qv-cf9pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2037ghsaADVISORY
- github.com/httplib2/httplib2/commit/40cbdcc8586f2292fa0e76a3e8c012f0cc9ed919ghsaWEB
- github.com/httplib2/httplib2/issues/5ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2014-81.yamlghsaWEB
- web.archive.org/web/20200228052625/http://www.securityfocus.com/bid/52179ghsaWEB
News mentions
0No linked articles in our index yet.