CVE-2018-11712

Sažetak

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

Reference

https://bugs.webkit.org/show_bug.cgi?id=184804
https://security.gentoo.org/glsa/201808-04
https://trac.webkit.org/changeset/230886/webkit

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-10-2018 - 10:29

Objavljeno

04-06-2018 - 14:29