CVE-2014-9365 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-9365 Interim 1 18 2025-11-05T05:00:31Z current 2021-05-30T13:24:39Z 2025-11-05T05:00:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-9365 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Magnum Orchestration 7 SUSE Container as a Service Platform 2.0 SUSE Enterprise Storage 3 SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE Liberty Linux 7 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Manager Client Tools for SLE 12 SUSE Manager Proxy 3.0 SUSE Manager Proxy 3.1 SUSE Manager Server 3.0 SUSE Manager Server 3.1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 python-2.7.5-58.el7 python-backports.ssl_match_hostname python-debug-2.7.5-58.el7 python-devel-2.7.5-58.el7 python-libs-2.7.5-58.el7 python-test-2.7.5-58.el7 python-tools-2.7.5-58.el7 tkinter-2.7.5-58.el7 python-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-debug-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-devel-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-libs-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-test-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-tools-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 tkinter-2.7.5-58.el7 as a component of SUSE Liberty Linux 7 python-backports.ssl_match_hostname as a component of Magnum Orchestration 7 python-backports.ssl_match_hostname as a component of SUSE Container as a Service Platform 2.0 python-backports.ssl_match_hostname as a component of SUSE Enterprise Storage 3 python-backports.ssl_match_hostname as a component of SUSE Enterprise Storage 4 python-backports.ssl_match_hostname as a component of SUSE Enterprise Storage 5 python-backports.ssl_match_hostname as a component of SUSE Linux Enterprise Desktop 12 SP3 python-backports.ssl_match_hostname as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 python-backports.ssl_match_hostname as a component of SUSE Linux Enterprise Module for Containers 12 python-backports.ssl_match_hostname as a component of SUSE Linux Enterprise Module for Public Cloud 12 python-backports.ssl_match_hostname as a component of SUSE Manager Client Tools for SLE 12 python-backports.ssl_match_hostname as a component of SUSE Manager Proxy 3.0 python-backports.ssl_match_hostname as a component of SUSE Manager Proxy 3.1 python-backports.ssl_match_hostname as a component of SUSE Manager Server 3.0 python-backports.ssl_match_hostname as a component of SUSE Manager Server 3.1 python-backports.ssl_match_hostname as a component of SUSE OpenStack Cloud 6 python-backports.ssl_match_hostname as a component of SUSE OpenStack Cloud 7 The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVE-2014-9365 SUSE Liberty Linux 7:python-2.7.5-58.el7 SUSE Liberty Linux 7:python-debug-2.7.5-58.el7 SUSE Liberty Linux 7:python-devel-2.7.5-58.el7 SUSE Liberty Linux 7:python-libs-2.7.5-58.el7 SUSE Liberty Linux 7:python-test-2.7.5-58.el7 SUSE Liberty Linux 7:python-tools-2.7.5-58.el7 SUSE Liberty Linux 7:tkinter-2.7.5-58.el7 Magnum Orchestration 7:python-backports.ssl_match_hostname SUSE Container as a Service Platform 2.0:python-backports.ssl_match_hostname SUSE Enterprise Storage 3:python-backports.ssl_match_hostname SUSE Enterprise Storage 4:python-backports.ssl_match_hostname SUSE Enterprise Storage 5:python-backports.ssl_match_hostname SUSE Linux Enterprise Desktop 12 SP3:python-backports.ssl_match_hostname SUSE Linux Enterprise Module for Advanced Systems Management 12:python-backports.ssl_match_hostname SUSE Linux Enterprise Module for Containers 12:python-backports.ssl_match_hostname SUSE Linux Enterprise Module for Public Cloud 12:python-backports.ssl_match_hostname SUSE Manager Client Tools for SLE 12:python-backports.ssl_match_hostname SUSE Manager Proxy 3.0:python-backports.ssl_match_hostname SUSE Manager Proxy 3.1:python-backports.ssl_match_hostname SUSE Manager Server 3.0:python-backports.ssl_match_hostname SUSE Manager Server 3.1:python-backports.ssl_match_hostname SUSE OpenStack Cloud 6:python-backports.ssl_match_hostname SUSE OpenStack Cloud 7:python-backports.ssl_match_hostname moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N