5.1
CVE-2012-1177
- EPSS 1.9%
- Veröffentlicht 26.08.2012 20:55:00
- Zuletzt bearbeitet 16.06.2026 23:39:11
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.77 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
http://secunia.com/advisories/50432
http://www.debian.org/security/2012/dsa-2482
http://www.mandriva.com/security/advisories?name=MDVSA-2012:111
http://www.openwall.com/lists/oss-security/2012/03/14/1
http://www.openwall.com/lists/oss-security/2012/03/14/3
http://www.openwall.com/lists/oss-security/2012/03/14/8
http://www.ubuntu.com/usn/USN-1547-1
https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812
https://bugzilla.gnome.org/show_bug.cgi?id=671535
https://bugzilla.novell.com/show_bug.cgi?id=752088