[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

TLS certificate late verification vulnerability in webkitgtk3

ID: oval:org.secpod.oval:def:24546Date: (C)2015-06-04   (M)2017-11-15
Class: VULNERABILITYFamily: unix




The host is installed with webkitgtk3 version 2.0.4 and earlier on Redhat Enterprise Linux 7 and is prone to a TLS certificate late verification vulnerability. A flaw is present in the application, which fails to perform TLS certificate verification too late, after sending an HTTP request rather than before. Successful exploitation could allow attackers to disclose sensitive information leak over SSL/TLS connections.

Platform:
Red Hat Enterprise Linux 7
Product:
webkitgtk3
Reference:
CVE-2015-2330
CVE    1
CVE-2015-2330
CPE    2
cpe:/a:webkitgtk:webkitgtk3
cpe:/o:redhat:enterprise_linux:7

© 2013 SecPod Technologies