CVE-2014-8155

medium

Description

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

References

http://rhn.redhat.com/errata/RHSA-2015-1457.html

http://www.securityfocus.com/bid/73317

https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c

https://support.f5.com/csp/article/K53330207

Details

Source: MITRE

Published: 2015-08-14

Updated: 2019-04-08

Type: CWE-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to 2.9.9 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 123837 | F5 Networks BIG-IP : GnuTLS vulnerability (K53330207) | Nessus | F5 Networks Local Security Checks | medium |
| 85230 | Amazon Linux AMI : gnutls (ALAS-2015-575) | Nessus | Amazon Linux Local Security Checks | high |
| 85193 | Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20150722) | Nessus | Scientific Linux Local Security Checks | high |
| 85109 | Oracle Linux 6 : gnutls (ELSA-2015-1457) | Nessus | Oracle Linux Local Security Checks | high |
| 85023 | CentOS 6 : gnutls (CESA-2015:1457) | Nessus | CentOS Local Security Checks | high |
| 84949 | RHEL 6 : gnutls (RHSA-2015:1457) | Nessus | Red Hat Local Security Checks | high |
| 82639 | SuSE 11.3 Security Update : GnuTLS (SAT Patch Number 10536) | Nessus | SuSE Local Security Checks | medium |
| 82166 | Debian DLA-180-1 : gnutls26 security update | Nessus | Debian Local Security Checks | high |
| 82024 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : gnutls26, gnutls28 vulnerabilities (USN-2540-1) | Nessus | Ubuntu Local Security Checks | high |