Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.
Published 2017-01-11 16:59:00
Updated 2017-01-13 13:09:20
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-9015

0.07%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-9015

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.6
LOW AV:N/AC:H/Au:N/C:P/I:N/A:N
4.9
2.9
NIST
3.7
LOW CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.2
1.4
NIST

CWE ids for CVE-2016-9015

References for CVE-2016-9015

Products affected by CVE-2016-9015

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!