Vulnerability Description
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Transifex | Transifex | <= 0.8 |
Related Weaknesses (CWE)
References
- http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-hPatch
- http://www.openwall.com/lists/oss-security/2013/05/22/14Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=952194
- http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-hPatch
- http://www.openwall.com/lists/oss-security/2013/05/22/14Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=952194
FAQ
What is CVE-2013-2073?
CVE-2013-2073 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
How severe is CVE-2013-2073?
CVE-2013-2073 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2073?
Check the references section above for vendor advisories and patch information. Affected products include: Transifex Transifex.