CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
68.6%
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before
2.29.91 is used, does not verify X.509 certificates, which allows
man-in-the-middle attackers to spoof arbitrary https web sites via a
crafted server certificate, a related issue to CVE-2010-3312.
Author | Note |
---|---|
jdstrand | per micahg, uses system webkit and libsoup, which is now fixed |
micahg | per mdeslaur, cve descriptions can be wrong and this still needs triage |