[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

TLS certificate late verification vulnerability in webkitgtk3

ID: oval:org.secpod.oval:def:24546Date: (C)2015-06-04   (M)2018-05-13
Class: VULNERABILITYFamily: unix




The host is installed with webkitgtk3 version 2.0.4 and earlier on Redhat Enterprise Linux 7 and is prone to a TLS certificate late verification vulnerability. A flaw is present in the application, which fails to perform TLS certificate verification too late, after sending an HTTP request rather than before. Successful exploitation could allow attackers to disclose sensitive information leak over SSL/TLS connections.

Platform:
Red Hat Enterprise Linux 7
Product:
webkitgtk3
Reference:
CVE-2015-2330
CVE    1
CVE-2015-2330
CPE    2
cpe:/a:webkitgtk:webkitgtk3
cpe:/o:redhat:enterprise_linux:7

© SecPod Technologies