CVE-2010-4340

CWE-264CWE-295Improper Certificate Validation6 documents5 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 59.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Libcloud
Timeline
PublishedSep 12
Latest updateMay 17

Description

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

PyPIapache-libcloud< 0.4.0
Debianlibcloud< 0.5.0-1+3
NVDapache/libcloud0.4.0+3

🔴Vulnerability Details

4
OSV
Apache Libcloud does not verify SSL certificates for HTTPS connections2022-05-17
GHSA
Apache Libcloud does not verify SSL certificates for HTTPS connections2022-05-17
OSV
CVE-2010-4340: libcloud before 02011-09-12
CVEList
CVE-2010-4340: libcloud before 02011-09-11

📋Vendor Advisories

1
Debian
CVE-2010-4340: libcloud - libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, wh...2010
CVE-2010-4340 (MEDIUM CVSS 4.3) | libcloud before 0.4.1 does not veri | cvebase.io