TLS certificate late verification vulnerability in webkitgtk3
|ID: oval:org.secpod.oval:def:24546||Date: (C)2015-06-04 (M)2017-11-15|
|Class: VULNERABILITY||Family: unix|
The host is installed with webkitgtk3 version 2.0.4 and earlier on Redhat Enterprise Linux 7 and is prone to a TLS certificate late verification vulnerability. A flaw is present in the application, which fails to perform TLS certificate verification too late, after sending an HTTP request rather than before. Successful exploitation could allow attackers to disclose sensitive information leak over SSL/TLS connections.
|Red Hat Enterprise Linux 7|