Описание
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.30.6-1ubuntu1 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 2.30.2-1ubuntu1.1 |
| maverick | ignored | end of life |
| natty | not-affected | 2.30.6-1ubuntu1 |
| oneiric | not-affected | 2.30.6-1ubuntu1 |
| precise | not-affected | 2.30.6-1ubuntu1 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditiona ...
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
EPSS
5.8 Medium
CVSS2