Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5825 to the following vulnerability:

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.

References:
[1] http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
[2] https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
[3] http://www.sigsac.org/ccs/CCS2012/techprogram.shtml
Created tweepy tracking bugs for this issue

Affects: fedora-all [bug 873275]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
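The hostname check that the description above reports as missing, sketched as an added example (not Tweepy's or httplib's code, and not part of the original bug entry). The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`, the hostnames are placeholders, and the wildcard rule is a conservative assumption.

```python
import ssl

def name_matches(pattern, host):
    """Match one certificate DNS name against the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption: a wildcard covers exactly one leftmost label and
        # needs at least two fixed labels after it ("*.test" never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, host):
    """cert: dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # When DNS subjectAltName entries exist, the CN is not consulted.
        return any(name_matches(n, host) for n in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(name_matches(n, host) for n in cns)

def verifying_context():
    """Client context that validates both the chain and the hostname."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True,
    # so the TLS handshake itself rejects a certificate for another name.
    return ssl.create_default_context()

# Constructed sample certificates (placeholder names, not real hosts).
CERT_SAN = {"subject": ((("commonName", "old.example.test"),),),
            "subjectAltName": (("DNS", "api.example.test"),)}
CERT_CN_ONLY = {"subject": ((("commonName", "api.example.test"),),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.test"),)}
# Chains to a trusted CA in this scenario, but was issued for another site.
CERT_OTHER = {"subjectAltName": (("DNS", "unrelated.example.net"),)}

if __name__ == "__main__":
    for label, cert in [("SAN", CERT_SAN), ("CN only", CERT_CN_ONLY),
                        ("wildcard", CERT_WILDCARD), ("other site", CERT_OTHER)]:
        print(label, hostname_matches(cert, "api.example.test"))
```

In client code the context returned by `verifying_context()` is what should be passed to the HTTPS connection; the hand-written matcher only illustrates the comparison that such a context performs during the handshake.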