Description
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Remediation
References