{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34833?format=json","vulnerability_id":"VCID-eem4-2qxa-ufbk","summary":"httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","aliases":[{"alias":"CVE-2013-2037"},{"alias":"GHSA-q48q-77qv-cf9p"},{"alias":"PYSEC-2014-81"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7891?format=json","purl":"pkg:pypi/httplib2@0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/63113?format=json","purl":"pkg:pypi/httplib2@0.10.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.10.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7882?format=json","purl":"pkg:pypi/httplib2@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/7883?format=json","purl":"pkg:pypi/httplib2@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7884?format=json","purl":"pkg:pypi/httplib2@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/7885?format=json","purl":"pkg:pypi/httplib2@0.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/7886?format=json","purl":"pkg:pypi/httplib2@0.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/7887?format=json","purl":"pkg:pypi/httplib2@0.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/7888?format=json","purl":"pkg:pypi/httplib2@0.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7889?format=json","purl":"pkg:pypi/httplib2@0.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/7890?format=json","purl":"pkg:pypi/httplib2@0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-92cy-sw95-63fb"},{"vulnerability":"VCID-eem4-2qxa-ufbk"},{"vulnerability":"VCID-v8bw-2ukf-bbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.8"}],"references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602"},{"reference_url":"http://code.google.com/p/httplib2/issues/detail?id=282","reference_id":"","reference_type":"","scores":[],"url":"http://code.google.com/p/httplib2/issues/detail?id=282"},{"reference_url":"https://bugs.launchpad.net/httplib2/+bug/1175272","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/httplib2/+bug/1175272"},{"reference_url":"http://seclists.org/oss-sec/2013/q2/257","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q2/257"},{"reference_url":"https://github.com/httplib2/httplib2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httplib2/httplib2"},{"reference_url":"https://github.com/httplib2/httplib2/commit/40cbdcc8586f2292fa0e76a3e8c012f0cc9ed919","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httplib2/httplib2/commit/40cbdcc8586f2292fa0e76a3e8c012f0cc9ed919"},{"reference_url":"https://github.com/httplib2/httplib2/issues/5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httplib2/httplib2/issues/5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2014-81.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2014-81.yaml"},{"reference_url":"https://web.archive.org/web/20200228052625/http://www.securityfocus.com/bid/52179","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228052625/http://www.securityfocus.com/bid/52179"},{"reference_url":"http://www.securityfocus.com/bid/52179","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/52179"},{"reference_url":"http://www.ubuntu.com/usn/USN-1948-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1948-1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2037","reference_id":"CVE-2013-2037","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2037"},{"reference_url":"https://github.com/advisories/GHSA-q48q-77qv-cf9p","reference_id":"GHSA-q48q-77qv-cf9p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q48q-77qv-cf9p"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eem4-2qxa-ufbk"}