[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

TLS certificate late verification vulnerability in webkitgtk3

ID: oval:org.secpod.oval:def:24546Date: (C)2015-06-04   (M)2018-05-13
Class: VULNERABILITYFamily: unix




The host is installed with webkitgtk3 version 2.0.4 and earlier on Redhat Enterprise Linux 7 and is prone to a TLS certificate late verification vulnerability. A flaw is present in the application, which fails to perform TLS certificate verification too late, after sending an HTTP request rather than before. Successful exploitation could allow attackers to disclose sensitive information leak over SSL/TLS connections.

Platform:
Red Hat Enterprise Linux 7
Product:
webkitgtk3
Reference:
CVE-2015-2330
CVE    1
CVE-2015-2330
CPE    2
cpe:/a:webkitgtk:webkitgtk3
cpe:/o:redhat:enterprise_linux:7

© SecPod Technologies