TLS Certificate Verification Bypass in WebKitGTK+ WebSocket Connections
CVE-2018-11712 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
Learn more about our Network Penetration Testing.