var-201412-0061
Vulnerability from variot
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Supplementary information: the vulnerability type has been identified as CWE-295: Improper Certificate Validation. http://cwe.mitre.org/data/definitions/295.html
A man-in-the-middle attacker may be able to impersonate an SSL server using any valid certificate.
Python is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
The language is scalable, supports modules and packages, and supports multiple platforms. CPython (aka Python) is a Python interpreter implemented in the C language. There are security vulnerabilities in the HTTP clients of the httplib, urllib, urllib2 and xmlrpclib libraries in 2.x versions before 2.7.9 and 3.x versions before 3.4.3. The vulnerability stems from the fact that the certificate is not properly verified when the program accesses an HTTPS URL.
7) - noarch, x86_64
- The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.
The python27 Software Collection has been upgraded to version 2.7.13, which provides a number of bug fixes and enhancements over the previous version. (BZ#1417838)
Affected packages
-------------------------------------------------------------------
     Package              /     Vulnerable     /          Unaffected
-------------------------------------------------------------------
  1  dev-lang/python             < 3.3.5-r1             *>= 2.7.9-r1
                                                         >= 3.3.5-r1
Description
Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Python 3.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"
All Python 2.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"
References
[ 1 ] CVE-2013-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752
[ 2 ] CVE-2013-7338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338
[ 3 ] CVE-2014-1912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912
[ 4 ] CVE-2014-2667 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667
[ 5 ] CVE-2014-4616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616
[ 6 ] CVE-2014-7185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185
[ 7 ] CVE-2014-9365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).
This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbounded readline() calls in the ftplib and nntplib modules (CVE-2013-1752).
Denial of service flaws due to unbounded readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752).
A gzip bomb and unbounded read denial of service flaw in the Python XMLRPC library (CVE-2013-1753).
Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).
Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185).
It was possible to configure a trust root to be checked against, however there were no facilities for hostname checking (CVE-2014-9365).
The python-pip and tix packages were added due to missing build dependencies.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365
http://advisories.mageia.org/MGASA-2014-0085.html
http://advisories.mageia.org/MGASA-2014-0139.html
http://advisories.mageia.org/MGASA-2014-0285.html
http://advisories.mageia.org/MGASA-2014-0399.html
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python security and bug fix update
Advisory ID:       RHSA-2017:1868-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1868
Issue date:        2017-08-01
CVE Names:         CVE-2014-9365
=====================================================================
- Summary:
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)
Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476)
1272562 - Memory leaks found by unit tests
1297522 - Undefined python_provide causes silently missing provides
1333064 - /CoreOS/python/Sanity/gdb test is failing on s390x
1364444 - Python fails to decode X.509 cert with GEN_RID subject alt name
1368076 - threading wait(timeout) doesn't return after timeout if system clock is set backward
1373363 - Incorrect parsing of regular expressions
1432003 - After logrotate , dynamic looping call gets 'ValueError: I/O operation on closed file' on self.stream.flush() in /usr/lib64/python2.7/logging/handlers.py
1439734 - Backport fix for shutil.make_archive doesn't archive empty directories
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: python-2.7.5-58.el7.src.rpm
x86_64: python-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.i686.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-libs-2.7.5-58.el7.i686.rpm python-libs-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: python-debug-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-devel-2.7.5-58.el7.x86_64.rpm python-test-2.7.5-58.el7.x86_64.rpm python-tools-2.7.5-58.el7.x86_64.rpm tkinter-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: python-2.7.5-58.el7.src.rpm
x86_64: python-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.i686.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-devel-2.7.5-58.el7.x86_64.rpm python-libs-2.7.5-58.el7.i686.rpm python-libs-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: python-debug-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-test-2.7.5-58.el7.x86_64.rpm python-tools-2.7.5-58.el7.x86_64.rpm tkinter-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: python-2.7.5-58.el7.src.rpm
aarch64: python-2.7.5-58.el7.aarch64.rpm python-debuginfo-2.7.5-58.el7.aarch64.rpm python-devel-2.7.5-58.el7.aarch64.rpm python-libs-2.7.5-58.el7.aarch64.rpm
ppc64: python-2.7.5-58.el7.ppc64.rpm python-debuginfo-2.7.5-58.el7.ppc.rpm python-debuginfo-2.7.5-58.el7.ppc64.rpm python-devel-2.7.5-58.el7.ppc64.rpm python-libs-2.7.5-58.el7.ppc.rpm python-libs-2.7.5-58.el7.ppc64.rpm
ppc64le: python-2.7.5-58.el7.ppc64le.rpm python-debuginfo-2.7.5-58.el7.ppc64le.rpm python-devel-2.7.5-58.el7.ppc64le.rpm python-libs-2.7.5-58.el7.ppc64le.rpm
s390x: python-2.7.5-58.el7.s390x.rpm python-debuginfo-2.7.5-58.el7.s390.rpm python-debuginfo-2.7.5-58.el7.s390x.rpm python-devel-2.7.5-58.el7.s390x.rpm python-libs-2.7.5-58.el7.s390.rpm python-libs-2.7.5-58.el7.s390x.rpm
x86_64: python-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.i686.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-devel-2.7.5-58.el7.x86_64.rpm python-libs-2.7.5-58.el7.i686.rpm python-libs-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: python-debug-2.7.5-58.el7.aarch64.rpm python-debuginfo-2.7.5-58.el7.aarch64.rpm python-test-2.7.5-58.el7.aarch64.rpm python-tools-2.7.5-58.el7.aarch64.rpm tkinter-2.7.5-58.el7.aarch64.rpm
ppc64: python-debug-2.7.5-58.el7.ppc64.rpm python-debuginfo-2.7.5-58.el7.ppc64.rpm python-test-2.7.5-58.el7.ppc64.rpm python-tools-2.7.5-58.el7.ppc64.rpm tkinter-2.7.5-58.el7.ppc64.rpm
ppc64le: python-debug-2.7.5-58.el7.ppc64le.rpm python-debuginfo-2.7.5-58.el7.ppc64le.rpm python-test-2.7.5-58.el7.ppc64le.rpm python-tools-2.7.5-58.el7.ppc64le.rpm tkinter-2.7.5-58.el7.ppc64le.rpm
s390x: python-debug-2.7.5-58.el7.s390x.rpm python-debuginfo-2.7.5-58.el7.s390x.rpm python-test-2.7.5-58.el7.s390x.rpm python-tools-2.7.5-58.el7.s390x.rpm tkinter-2.7.5-58.el7.s390x.rpm
x86_64: python-debug-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-test-2.7.5-58.el7.x86_64.rpm python-tools-2.7.5-58.el7.x86_64.rpm tkinter-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: python-2.7.5-58.el7.src.rpm
x86_64: python-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.i686.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-devel-2.7.5-58.el7.x86_64.rpm python-libs-2.7.5-58.el7.i686.rpm python-libs-2.7.5-58.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: python-debug-2.7.5-58.el7.x86_64.rpm python-debuginfo-2.7.5-58.el7.x86_64.rpm python-test-2.7.5-58.el7.x86_64.rpm python-tools-2.7.5-58.el7.x86_64.rpm tkinter-2.7.5-58.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9365
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
https://access.redhat.com/articles/2039753
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
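The checks named in the CVE-2014-9365 description, (a) trust-store validation and (b)/(c) hostname matching, as an added example that is not code from any of the advisories quoted on this page. It audits an ssl.SSLContext for both checks and compares an upstream interpreter version with the fixed releases 2.7.9 and 3.4.3; the function names are hypothetical, the contexts are constructed samples, and ssl._create_default_https_context is assumed to be present as the private hook introduced by PEP 476.

```python
import ssl
import sys

# Fixed upstream releases named in the description: 2.7.9 (2.x) and 3.4.3 (3.x).
# Distribution packages may backport the fix (the Red Hat advisory on this page
# ships it as python-2.7.5-58), so this compares upstream version numbers only.
FIXED_RELEASES = {2: (2, 7, 9), 3: (3, 4, 3)}


def interpreter_affected(version):
    """Return True if a (major, minor, micro) version predates the fixed release."""
    version = tuple(version[:3])
    fixed = FIXED_RELEASES.get(version[0])
    return fixed is not None and version < fixed


def audit_context(ctx):
    """List which of the description's checks (a), (b)/(c) a context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("(a) certificate chain is not checked against a trust store")
    if not ctx.check_hostname:
        findings.append("(b)/(c) hostname is not matched against Common Name / subjectAltName")
    return findings


def sample_contexts():
    """Constructed contexts covering the three states the advisories describe."""
    # Behaviour after the fix: chain and hostname are both verified.
    verified = ssl.create_default_context()

    # Trust root configured, but no hostname check.
    chain_only = ssl.create_default_context()
    chain_only.check_hostname = False

    # Pre-fix behaviour of the HTTP clients: nothing is verified.
    unverified = ssl.create_default_context()
    unverified.check_hostname = False  # must be cleared before CERT_NONE is accepted
    unverified.verify_mode = ssl.CERT_NONE

    return {"verified": verified, "chain_only": chain_only, "unverified": unverified}


def require_verified(ctx):
    """Return ctx only if it performs both checks, else raise ValueError.

    A context that passes can be handed to urllib.request.urlopen(url, context=ctx).
    """
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing TLS context: " + "; ".join(findings))
    return ctx


def https_default_findings():
    """Audit the context the stdlib HTTPS clients build when none is passed."""
    # Private PEP 476 hook (assumption: present, as in CPython 2.7.9+ / 3.4.3+).
    # Code that rebinds it to an unverified factory disables checks process-wide.
    return audit_context(ssl._create_default_https_context())


if __name__ == "__main__":
    print("running interpreter affected:", interpreter_affected(sys.version_info))
    for name, ctx in sample_contexts().items():
        print(name, "->", audit_context(ctx) or "verifies chain and hostname")
    print("stdlib HTTPS default ->",
          https_default_findings() or "verifies chain and hostname")
```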
true }, { "cpe23Uri": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.3.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.3.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9365" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alex Gaynor", "sources": [ { "db": "BID", "id": "71639" }, { "db": "CNNVD", "id": "CNNVD-201412-309" } ], "trust": 0.9 }, "cve": "CVE-2014-9365", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, 
"cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-9365", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-77310", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": 
"CVE-2014-9365", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201412-309", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-77310", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-77310" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "NVD", "id": "CVE-2014-9365" }, { "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject\u0027s (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Supplementary information : CWE Vulnerability type by CWE-295: Improper Certificate Validation ( Incorrect certificate validation ) Has been identified. http://cwe.mitre.org/data/definitions/295.htmlMan-in-the-middle attacks (man-in-the-middle attack) Through any valid certificate SSL There is a possibility of impersonating a server. Python is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. The language is scalable, supports modules and packages, and supports multiple platforms. CPython (aka Python) is a Python interpreter implemented in C language. There are security vulnerabilities in the HTTP clients of httplib, urllib, urllib2 and xmlrpclib libraries in 2.x versions before 2.7.9 and 3.x versions before 3.4.3. 
The vulnerability stems from the fact that the certificate is not properly verified when the program accesses the HTTPS URL . 7) - noarch, x86_64\n\n3. The python27 packages provide a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL. \n\nThe python27 Software Collection has been upgraded to version 2.7.13, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1417838)\n\n4. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/python \u003c 3.3.5-r1 *\u003e= 2.7.9-r1\n \u003e= 3.3.5-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Python. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Python 3.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/python-3.3.5-r1\"\n\nAll Python 2.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/python-2.7.9-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-1752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752\n[ 2 ] CVE-2013-7338\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338\n[ 3 ] CVE-2014-1912\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912\n[ 4 ] CVE-2014-2667\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667\n[ 5 ] CVE-2014-4616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616\n[ 6 ] CVE-2014-7185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185\n[ 7 ] CVE-2014-9365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security 
Website:\n\n https://security.gentoo.org/glsa/201503-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. This could be used\n to crash a Python application that uses the socket.recvfrom_info()\n function or, possibly, execute arbitrary code with the permissions\n of the user running vulnerable Python code (CVE-2014-1912). \n \n This updates the python package to version 2.7.6, which fixes several\n other bugs, including denial of service flaws due to unbound readline()\n calls in the ftplib and nntplib modules (CVE-2013-1752). \n \n Denial of service flaws due to unbound readline() calls in the imaplib,\n poplib, and smtplib modules (CVE-2013-1752). \n \n A gzip bomb and unbound read denial of service flaw in python XMLRPC\n library (CVE-2013-1753). \n \n Python are susceptible to arbitrary process memory reading by a user\n or adversary due to a bug in the _json module caused by insufficient\n bounds checking. The bug is caused by allowing the user to supply a\n negative value that is used an an array index, causing the scanstring\n function to access process memory outside of the string it is intended\n to access (CVE-2014-4616). \n \n The CGIHTTPServer Python module does not properly handle URL-encoded\n path separators in URLs. This may enable attackers to disclose a CGI\n script\u0026#039;s source code or execute arbitrary scripts in the server\u0026#039;s\n document root (CVE-2014-4650). \n \n Python before 2.7.8 is vulnerable to an integer overflow in the buffer\n type (CVE-2014-7185). 
It was possible to configure a trust root to be checked against,\n however there were no faculties for hostname checking (CVE-2014-9365). \n \n The python-pip and tix packages was added due to missing build\n dependencies. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365\n http://advisories.mageia.org/MGASA-2014-0085.html\n http://advisories.mageia.org/MGASA-2014-0139.html\n http://advisories.mageia.org/MGASA-2014-0285.html\n http://advisories.mageia.org/MGASA-2014-0399.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n d58b1b80b3dc737786ed59c11716efd7 mbs2/x86_64/lib64python2.7-2.7.9-1.mbs2.x86_64.rpm\n 094be70fc92a99ec299026414043a5ed mbs2/x86_64/lib64python-devel-2.7.9-1.mbs2.x86_64.rpm\n daaaff2334797306a8be9d6a8f4fa69a mbs2/x86_64/python-2.7.9-1.mbs2.x86_64.rpm\n 3418e101353fde429817cfea0298193b mbs2/x86_64/python3-pip-1.4.1-4.2.mbs2.noarch.rpm\n e0e7d10ce59e9eccd69d760fb377c5b2 mbs2/x86_64/python-docs-2.7.9-1.mbs2.noarch.rpm\n eaf8978737e06d46ddd2ee6d78658ae4 mbs2/x86_64/python-pip-1.4.1-4.2.mbs2.noarch.rpm\n ea585f2ec67cb5a4838c1fc08e615fa5 mbs2/x86_64/tix-8.4.3-9.mbs2.x86_64.rpm\n 5f83e970c318d9dad119943e986f8182 mbs2/x86_64/tix-devel-8.4.3-9.mbs2.x86_64.rpm\n a6b1667ad8ab5000b1eef329713aa5c3 mbs2/x86_64/tkinter-2.7.9-1.mbs2.x86_64.rpm\n 7ce085d9fb460e1093513d5579174697 mbs2/x86_64/tkinter-apps-2.7.9-1.mbs2.x86_64.rpm \n 85e67e3e2373ea06f2b2eb0e69682937 mbs2/SRPMS/python-2.7.9-1.mbs2.src.rpm\n 
407d147f773bbc3fc3c5430619ee0f65 mbs2/SRPMS/python-pip-1.4.1-4.2.mbs2.src.rpm\n b561abc0b4fec04f0c398068faa5952f mbs2/SRPMS/tix-8.4.3-9.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFY0qmqjQ0CJFipgRAnTSAKDqsSqyFLO4F/4mq6ZmL7fZ+yYhjgCeNkAn\nfc0CS3IgYNQdHz4EMRvQ9Tg=\n=giLB\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: python security and bug fix update\nAdvisory ID: RHSA-2017:1868-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1868\nIssue date: 2017-08-01\nCVE Names: CVE-2014-9365 \n=====================================================================\n\n1. Summary:\n\nAn update for python is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. 
Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* The Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use this\nflaw to hijack connections and eavesdrop or modify transferred data. \n(CVE-2014-9365)\n\nNote: The Python standard library was updated to enable certificate\nverification by default. Refer to the Knowledgebase article 2039753 linked\nto in the References section for further details about this change. \n(BZ#1219110)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476)\n1272562 - Memory leaks found by unit tests\n1297522 - Undefined python_provide causes silently missing provides\n1333064 - /CoreOS/python/Sanity/gdb test is failing on s390x\n1364444 - Python fails to decode X.509 cert with GEN_RID subject alt name\n1368076 - threading wait(timeout) doesn\u0027t return after timeout if system clock is set backward\n1373363 - Incorrect parsing of regular expressions\n1432003 - After logrotate , dynamic looping call gets \u0027ValueError: I/O operation on closed file\u0027 on self.stream.flush() in /usr/lib64/python2.7/logging/handlers.py\n1439734 - Backport fix for shutil.make_archive doesn\u0027t archive empty directories\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\npython-2.7.5-58.el7.src.rpm\n\nx86_64:\npython-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.i686.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-libs-2.7.5-58.el7.i686.rpm\npython-libs-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-devel-2.7.5-58.el7.x86_64.rpm\npython-test-2.7.5-58.el7.x86_64.rpm\npython-tools-2.7.5-58.el7.x86_64.rpm\ntkinter-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\npython-2.7.5-58.el7.src.rpm\n\nx86_64:\npython-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.i686.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-devel-2.7.5-58.el7.x86_64.rpm\npython-libs-2.7.5-58.el7.i686.rpm\npython-libs-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 
7):\n\nx86_64:\npython-debug-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-test-2.7.5-58.el7.x86_64.rpm\npython-tools-2.7.5-58.el7.x86_64.rpm\ntkinter-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\npython-2.7.5-58.el7.src.rpm\n\naarch64:\npython-2.7.5-58.el7.aarch64.rpm\npython-debuginfo-2.7.5-58.el7.aarch64.rpm\npython-devel-2.7.5-58.el7.aarch64.rpm\npython-libs-2.7.5-58.el7.aarch64.rpm\n\nppc64:\npython-2.7.5-58.el7.ppc64.rpm\npython-debuginfo-2.7.5-58.el7.ppc.rpm\npython-debuginfo-2.7.5-58.el7.ppc64.rpm\npython-devel-2.7.5-58.el7.ppc64.rpm\npython-libs-2.7.5-58.el7.ppc.rpm\npython-libs-2.7.5-58.el7.ppc64.rpm\n\nppc64le:\npython-2.7.5-58.el7.ppc64le.rpm\npython-debuginfo-2.7.5-58.el7.ppc64le.rpm\npython-devel-2.7.5-58.el7.ppc64le.rpm\npython-libs-2.7.5-58.el7.ppc64le.rpm\n\ns390x:\npython-2.7.5-58.el7.s390x.rpm\npython-debuginfo-2.7.5-58.el7.s390.rpm\npython-debuginfo-2.7.5-58.el7.s390x.rpm\npython-devel-2.7.5-58.el7.s390x.rpm\npython-libs-2.7.5-58.el7.s390.rpm\npython-libs-2.7.5-58.el7.s390x.rpm\n\nx86_64:\npython-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.i686.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-devel-2.7.5-58.el7.x86_64.rpm\npython-libs-2.7.5-58.el7.i686.rpm\npython-libs-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\naarch64:\npython-debug-2.7.5-58.el7.aarch64.rpm\npython-debuginfo-2.7.5-58.el7.aarch64.rpm\npython-test-2.7.5-58.el7.aarch64.rpm\npython-tools-2.7.5-58.el7.aarch64.rpm\ntkinter-2.7.5-58.el7.aarch64.rpm\n\nppc64:\npython-debug-2.7.5-58.el7.ppc64.rpm\npython-debuginfo-2.7.5-58.el7.ppc64.rpm\npython-test-2.7.5-58.el7.ppc64.rpm\npython-tools-2.7.5-58.el7.ppc64.rpm\ntkinter-2.7.5-58.el7.ppc64.rpm\n\nppc64le:\npython-debug-2.7.5-58.el7.ppc64le.rpm\npython-debuginfo-2.7.5-58.el7.ppc64le.rpm\npython-test-2.7.5-58.el7.ppc64le.rpm\npython-tools-2.7.5-58.el7.ppc64le.rpm\ntkinter-2.7.5-58.el7.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-58.el7.s390x.rpm\npython-debuginfo-2.7.5-58.el7.s390x.rpm\npython-test-2.7.5-58.el7.s390x.rpm\npython-tools-2.7.5-58.el7.s390x.rpm\ntkinter-2.7.5-58.el7.s390x.rpm\n\nx86_64:\npython-debug-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-test-2.7.5-58.el7.x86_64.rpm\npython-tools-2.7.5-58.el7.x86_64.rpm\ntkinter-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\npython-2.7.5-58.el7.src.rpm\n\nx86_64:\npython-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.i686.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-devel-2.7.5-58.el7.x86_64.rpm\npython-libs-2.7.5-58.el7.i686.rpm\npython-libs-2.7.5-58.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-58.el7.x86_64.rpm\npython-debuginfo-2.7.5-58.el7.x86_64.rpm\npython-test-2.7.5-58.el7.x86_64.rpm\npython-tools-2.7.5-58.el7.x86_64.rpm\ntkinter-2.7.5-58.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9365\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html\nhttps://access.redhat.com/articles/2039753\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZgOR/XlSAg2UNWIIRAtf8AJ43qpkGM8a2Q4bgios7Yh3TrUS+fgCfdA2W\nrxrzegAW6UdQbKGtPSHGsBo=\n=BV91\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2014-9365" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "BID", "id": "71639" }, { "db": "VULHUB", "id": "VHN-77310" }, { "db": "PACKETSTORM", "id": "142327" }, { "db": "PACKETSTORM", "id": "130890" }, { "db": "PACKETSTORM", "id": "131057" }, { "db": "PACKETSTORM", "id": "143593" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-77310", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-77310" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-9365", "trust": 3.3 }, { "db": "BID", "id": "71639", "trust": 2.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/12/11/1", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-005969", 
"trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201412-309", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "142327", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143593", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-77310", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-9365", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130890", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131057", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-77310" }, { "db": "VULMON", "id": "CVE-2014-9365" }, { "db": "BID", "id": "71639" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "PACKETSTORM", "id": "142327" }, { "db": "PACKETSTORM", "id": "130890" }, { "db": "PACKETSTORM", "id": "131057" }, { "db": "PACKETSTORM", "id": "143593" }, { "db": "NVD", "id": "CVE-2014-9365" }, { "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "id": "VAR-201412-0061", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-77310" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:53:49.709000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "title": "HT205031", "trust": 0.8, "url": "http://support.apple.com/en-us/ht205031" }, { "title": "HT205031", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205031" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "Oracle Solaris Third Party Bulletin - October 2015", "trust": 
0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "title": "Issue22417", "trust": 0.8, "url": "http://bugs.python.org/issue22417" }, { "title": "Python 2.7.9", "trust": 0.8, "url": "https://www.python.org/downloads/release/python-279/" }, { "title": "PEP 476 - Enabling certificate verification by default for stdlib http clients", "trust": 0.8, "url": "https://www.python.org/dev/peps/pep-0476/" }, { "title": "trusty-python-builder", "trust": 0.1, "url": "https://github.com/jyotty/trusty-python-builder " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9365" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "NVD", "id": "CVE-2014-9365" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201503-10" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1162" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1868" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/71639" }, { "trust": 1.7, "url": "http://bugs.python.org/issue22417" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "trust": 1.7, 
"url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.7, "url": "https://www.python.org/dev/peps/pep-0476/" }, { "trust": 1.7, "url": "https://www.python.org/downloads/release/python-279/" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2014/12/11/1" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2016:1166" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9365" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9365" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9365" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2014/q4/1022" }, { "trust": 0.3, "url": "http://www.python.org" }, { "trust": 0.3, "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958936" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2039753" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1752" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4616" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1912" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/2/html/2.4_release_notes/chap-rhscl.html#sect-rhscl-changes-python" 
}, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7185" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2667" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1912" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7338" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4616" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7338" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2667" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9365" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1752" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1753" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7185" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4650" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0399.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1752" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1912" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0285.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1753" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4616" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0139.html" }, { "trust": 0.1, "url": 
"http://advisories.mageia.org/mgasa-2014-0085.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.4_release_notes/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-77310" }, { "db": "BID", "id": "71639" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "PACKETSTORM", "id": "142327" }, { "db": "PACKETSTORM", "id": "130890" }, { "db": "PACKETSTORM", "id": "131057" }, { "db": "PACKETSTORM", "id": "143593" }, { "db": "NVD", "id": "CVE-2014-9365" }, { "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-77310" }, { "db": "VULMON", "id": "CVE-2014-9365" }, { "db": "BID", "id": "71639" }, { "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "db": "PACKETSTORM", "id": "142327" }, { "db": "PACKETSTORM", "id": "130890" }, { "db": "PACKETSTORM", "id": "131057" }, { "db": "PACKETSTORM", "id": "143593" }, { "db": "NVD", "id": "CVE-2014-9365" }, { "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-12T00:00:00", "db": "VULHUB", "id": "VHN-77310" }, { "date": "2014-12-11T00:00:00", "db": "BID", "id": "71639" }, { "date": "2014-12-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "date": "2017-04-26T16:06:09", "db": "PACKETSTORM", "id": "142327" }, { "date": "2015-03-19T00:39:44", "db": "PACKETSTORM", "id": "130890" }, { "date": "2015-03-27T20:50:03", "db": "PACKETSTORM", "id": "131057" }, { "date": "2017-08-02T00:23:15", "db": "PACKETSTORM", "id": "143593" }, { "date": "2014-12-12T11:59:07.063000", "db": "NVD", "id": "CVE-2014-9365" }, { "date": "2014-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-25T00:00:00", "db": "VULHUB", "id": "VHN-77310" }, { "date": "2015-11-03T19:02:00", "db": "BID", "id": "71639" }, { "date": "2015-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005969" }, { "date": "2019-10-25T11:53:59.117000", "db": "NVD", "id": "CVE-2014-9365" }, { "date": "2019-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201412-309" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201412-309" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CPython of httplib Library etc. HTTP At the client SSL Vulnerability impersonating a server", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005969" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201412-309" } ], "trust": 0.6 } }