Описание
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libgadu | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1025718libgadu: missing ssl certificate validation
5.8 Medium
CVSS2
Связанные уязвимости
ubuntu
больше 11 лет назад
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
nvd
больше 11 лет назад
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
debian
больше 11 лет назад
libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ...
github
больше 3 лет назад
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
5.8 Medium
CVSS2