CVE-2012-5524
08.02.2014, 00:55
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gajim | gajim | 𝑥 ≤ 0.15.2 |
| gajim | gajim | 0.1 |
| gajim | gajim | 0.2 |
| gajim | gajim | 0.2.1 |
| gajim | gajim | 0.3 |
| gajim | gajim | 0.4 |
| gajim | gajim | 0.4.1 |
| gajim | gajim | 0.5 |
| gajim | gajim | 0.5.1 |
| gajim | gajim | 0.6 |
| gajim | gajim | 0.6.1 |
| gajim | gajim | 0.7 |
| gajim | gajim | 0.7.1 |
| gajim | gajim | 0.8 |
| gajim | gajim | 0.8.1 |
| gajim | gajim | 0.8.2 |
| gajim | gajim | 0.9 |
| gajim | gajim | 0.9.1 |
| gajim | gajim | 0.10 |
| gajim | gajim | 0.10.1 |
| gajim | gajim | 0.11 |
| gajim | gajim | 0.11.1 |
| gajim | gajim | 0.11.2 |
| gajim | gajim | 0.11.3 |
| gajim | gajim | 0.11.4 |
| gajim | gajim | 0.12 |
| gajim | gajim | 0.12.1 |
| gajim | gajim | 0.12.2 |
| gajim | gajim | 0.12.3 |
| gajim | gajim | 0.12.4 |
| gajim | gajim | 0.12.5 |
| gajim | gajim | 0.12.5:alpha1 |
| gajim | gajim | 0.12.5:beta1 |
| gajim | gajim | 0.13 |
| gajim | gajim | 0.13.1 |
| gajim | gajim | 0.13.2 |
| gajim | gajim | 0.13.3 |
| gajim | gajim | 0.13.4 |
| gajim | gajim | 0.14 |
| gajim | gajim | 0.14.1 |
| gajim | gajim | 0.14.2 |
| gajim | gajim | 0.14.3 |
| gajim | gajim | 0.14.4 |
| gajim | gajim | 0.15 |
| gajim | gajim | 0.15.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References