Skip to main content
CVE-2013-4073 MEDIUM This Month

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Ruby
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2013-4248 MEDIUM This Month

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP OpenSSL Information Disclosure Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
9.9%
CVE-2013-4238 MEDIUM PATCH This Month

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy