CVE-2018-11712
First published: Mon Jun 04 2018(Updated: )
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WebKitGTK+ | =2.20.0 | |
| WebKitGTK+ | =2.20.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-11712.
What is the title of this vulnerability?
The title of this vulnerability is WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKi…
What is the severity of CVE-2018-11712?
The severity of CVE-2018-11712 is high with a CVSS score of 7.5.
What software versions are affected by CVE-2018-11712?
WebKiGTK+ versions 2.20.0 and 2.20.1 are affected by CVE-2018-11712.
How do I fix CVE-2018-11712?
To fix CVE-2018-11712, it is recommended to update to a version of WebKiGTK+ that is not affected by the vulnerability.
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/webkitgtk
- canonical/webkitgtk+
- version/webkitgtk+/2.20.0
- version/webkitgtk+/2.20.1