CVE-2012-5524
EPSS 0.20%
Description
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
How to fix CVE-2012-5524
To remediate CVE-2012-5524, upgrade the affected package to a fixed version listed below.
- Debian/gajim: upgrade to 0.15.4-1 or later
Is CVE-2012-5524 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/gajim: from 0, < 0.15.4-1