Oval Definition:oval:org.cisecurity:def:1255
Revision Date:2016-11-11
Version:25
Title:The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3 – CVE-2014-9365
Description:The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2014-9365
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):Python
Definition Synopsis
  • Python is installed
  • AND Check for vulnerable version
  • Check if Python version is greater than or equal to 2.0.0 and less than 2.7.9 (Single User)
  • OR Check if Python version is greater than or equal to 3.0.0 and less than 3.4.3 (Single User)
  • OR Check if Python version is greater than or equal to 2.0.0 and less than 2.7.9 (All Users)
  • OR Check if Python version is greater than or equal to 3.0.0 and less than 3.4.3 (All Users)