CVE-2012-2132 — Improper Authentication in Libsoup

CWE-287 — Improper Authentication9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libsoup

Timeline

PublishedAug 20

Latest updateMay 17

Description

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnome/libsoup2.32.2

🔴Vulnerability Details

GHSA

GHSA-5g62-v8vq-wrxx: libsoup 2↗2022-05-17

▶

OSV

CVE-2012-2132: libsoup 2↗2012-08-20

▶

CVEList

CVE-2012-2132: libsoup 2↗2012-08-20

▶

📋Vendor Advisories

Red Hat

libsoup: does not indicate whether or not an SSL certificate is valid↗2012-04-23

▶

Debian

CVE-2012-2132: midori - libsoup 2.32.2 and earlier does not validate certificates or clear the trust fla...↗2012

▶

💬Community

Bugzilla

CVE-2012-2132 libsoup: does not indicate whether or not an SSL certificate is valid [fedora-15]↗2012-05-02

▶

Bugzilla

CVE-2012-2132 libsoup: does not indicate whether or not an SSL certificate is valid [fedora-15]↗2012-05-02

▶

Bugzilla

CVE-2012-2132 libsoup: does not indicate whether or not an SSL certificate is valid↗2012-04-30

▶