CVE-2012-2132

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-2132

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2132.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-2132

Published

2012-08-20T18:55:03Z

Modified

2025-01-14T06:04:07.147421Z

Summary

[none]

Details

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.

References

https://bugzilla.gnome.org/show_bug.cgi?id=666280
http://www.openwall.com/lists/oss-security/2012/04/24/13
http://www.openwall.com/lists/oss-security/2012/04/24/3
http://www.openwall.com/lists/oss-security/2012/04/30/7
http://www.openwall.com/lists/oss-security/2012/05/02/8
http://www.securityfocus.com/bid/53232
https://exchange.xforce.ibmcloud.com/vulnerabilities/75167
https://security-tracker.debian.org/tracker/CVE-2012-2132

Affected packages

Debian:11 / midori

Package

Name: midori
Purl: pkg:deb/debian/midori?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0-2.1

Ecosystem specific

{
    "urgency": "unimportant"
}