ID de Prueba:	1.3.6.1.4.1.25623.1.0.112996
Categoría:	Denial of Service
Título:	Python < 3.2.6, 3.3.x < 3.3.3 Wildcard DoS Vulnerability (bpo-17980) - Linux
Resumen:	Python's ssl.match_hostname() trips over crafted wildcard names.
Descripción:	Summary: Python's ssl.match_hostname() trips over crafted wildcard names. Vulnerability Insight: If the name in the certificate contains many * characters (wildcard), matching the compiled regular expression against the host name can take a very long time. Affected Software/OS: Python before 3.2.6 and 3.3 before 3.3.3. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2099 55107 http://secunia.com/advisories/55107 55116 http://secunia.com/advisories/55116 RHSA-2014:1690 http://rhn.redhat.com/errata/RHSA-2014-1690.html RHSA-2016:1166 https://access.redhat.com/errata/RHSA-2016:1166 USN-1983-1 http://www.ubuntu.com/usn/USN-1983-1 USN-1984-1 http://www.ubuntu.com/usn/USN-1984-1 USN-1985-1 http://www.ubuntu.com/usn/USN-1985-1 [oss-security] 20130515 Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } http://www.openwall.com/lists/oss-security/2013/05/16/6 http://bugs.python.org/issue17980 https://bugzilla.redhat.com/show_bug.cgi?id=963260
Copyright	Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.