← Back

CVE-2012-5524

nvd nist
Published: Feb 8, 2014Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

Affected (45)

Products: Gajim: Gajim
Gajim
1 product
Gajim
Configuration A
45 vulnerable
Vulnerable SoftwareAffected Versions
Gajim
Gajim
Up to 0.15.2
Gajim
Version 0.10.1
Gajim
Version 0.10
Gajim
Version 0.11.1
Gajim
Version 0.11.2
Gajim
Version 0.11.3
Gajim
Version 0.11.4
Gajim
Version 0.11
Gajim
Version 0.12.1
Gajim
Version 0.12.2
Gajim
Version 0.12.3
Gajim
Version 0.12.4
Gajim
Version 0.12.5
Gajim
Version 0.12.5 alpha1
Gajim
Version 0.12.5 beta1
Gajim
Version 0.12
Gajim
Version 0.13.1
Gajim
Version 0.13.2
Gajim
Version 0.13.3
Gajim
Version 0.13.4
Gajim
Version 0.13
Gajim
Version 0.14.1
Gajim
Version 0.14.2
Gajim
Version 0.14.3
Gajim
Version 0.14.4
Gajim
Version 0.14
Gajim
Version 0.15.1
Gajim
Version 0.15
Gajim
Version 0.1
Gajim
Version 0.2.1
Gajim
Version 0.2
Gajim
Version 0.3
Gajim
Version 0.4.1
Gajim
Version 0.4
Gajim
Version 0.5.1
Gajim
Version 0.5
Gajim
Version 0.6.1
Gajim
Version 0.6
Gajim
Version 0.7.1
Gajim
Version 0.7
Gajim
Version 0.8.1
Gajim
Version 0.8.2
Gajim
Version 0.8
Gajim
Version 0.9.1
Gajim
Version 0.9

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch

Timeline

No history available yet.