VYPR
Moderate severityNVD Advisory· Published Jan 18, 2014· Updated Jun 16, 2026

CVE-2013-2037

CVE-2013-2037

Description

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
httplib2PyPI
< 0.10.10.10.1

Affected products

7
  • cpe:2.3:a:httplib2_project:httplib2:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:httplib2_project:httplib2:*:*:*:*:*:*:*:*range: <=0.7.2
    • cpe:2.3:a:httplib2_project:httplib2:0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.10.1

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.