7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2013-7110

GHSA ID

GHSA-jf99-2rj4-jxrm

EPSS Score

0.38173%

CWE

CWE-20

Published

5/17/2022

Updated

11/18/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-7110

CVE-2013-7110: Transifex command-line client has improper certificate validation

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-7110

CVE-2013-7110:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2013-7110

GHSA ID

GHSA-jf99-2rj4-jxrm

EPSS Score

0.38173%

CWE

CWE-20

Published

5/17/2022

Updated

11/18/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
transifex-client	pip	< 0.10	0.10

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from 2 key issues:

The verify_ssl function created a one-time validated connection but didn't enforce validation on subsequent urllib2 connections
All data transfer methods (do_url_request, get_details) used urllib2.urlopen which didn't perform certificate validation
The commit diff shows removal of custom SSL handling code and migration to urllib3 with proper validation
CVE description explicitly calls out incomplete fix of certificate validation in data transfer connections

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-7110: Transifex command-line client has improper certificate validation

CVE-2013-7110:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2013-7110: Transifex command-line client has improper certificate validation

Basic Information

Basic Information

7.5

7.5

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI