Published: 20/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

libsoup 2.32.2 and previous versions does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote malicious users to bypass authentication by connecting with a SSL connection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome libsoup 2.32.2

Debian Bug report logs - #672880 CVE-2012-2132: does not indicate whether or not an SSL certificate is valid Package: midori; Maintainer for midori is Dominik George <natureshadow@debianorg>; Source for midori is src:midori (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Mon, 14 May 2012 12:39:02 ...

CWE-287 http://www.openwall.com/lists/oss-security/2012/04/24/13 http://www.openwall.com/lists/oss-security/2012/04/24/3 http://www.openwall.com/lists/oss-security/2012/04/30/7 http://www.openwall.com/lists/oss-security/2012/05/02/8 https://bugzilla.gnome.org/show_bug.cgi?id=666280 http://www.securityfocus.com/bid/53232 https://exchange.xforce.ibmcloud.com/vulnerabilities/75167 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672880 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2132

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect