ubuntucve | Ubuntu.com | UB:CVE-2012-2132
History: Aug 20, 2012 - 12:00 a.m.

CVE-2012-2132


CVSS2: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.006
Percentile: 78.6%

libsoup 2.32.2 and earlier does not validate certificates or clear the
trust flag when the ssl-ca-file does not exist, which allows remote
attackers to bypass authentication by connecting with an SSL connection.

Notes

Author: mdeslaur
Note: This isn’t actually a flaw in libsoup, it’s a flaw in applications that don’t set ssl-strict, and don’t set ssl-ca-file, but expect SOUP_MESSAGE_CERTIFICATE_TRUSTED to mean something. Applications should either set a ssl-ca-file, or ignore SOUP_MESSAGE_CERTIFICATE_TRUSTED. We aren’t going to fix this in libsoup. Applications should be fixed instead. Marked as ignored.
