Fluid Attacks Database

Description

libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libgdata	>=0 <0.10.2-1	0.10.2-1
debian 12	libgdata	>=0 <0.10.2-1	0.10.2-1
debian 11	libgdata	>=0 <0.10.2-1	0.10.2-1
rpm rhel6	libgdata	-	-

Aliases

1. CVE-2012-11772. NVD-2012-11773. OSV-DEBIAN-2012-11774. OSV-2012-11775. SECURITY-TRACKER-CVE-2012-1177

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.