CVE-2015-0282

medium

Description

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

References

http://rhn.redhat.com/errata/RHSA-2015-1457.html

http://www.debian.org/security/2015/dsa-3191

http://www.gnutls.org/security.html

http://www.securityfocus.com/bid/73119

http://www.securitytracker.com/id/1032148

Details

Source: MITRE

Published: 2015-03-24

Updated: 2018-01-05

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to 3.0.9 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 86187 | F5 Networks BIG-IP : GnuTLS RSA PKCS signature vulnerability (K17327) | Nessus | F5 Networks Local Security Checks | medium |
| 85230 | Amazon Linux AMI : gnutls (ALAS-2015-575) | Nessus | Amazon Linux Local Security Checks | high |
| 85193 | Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20150722) | Nessus | Scientific Linux Local Security Checks | high |
| 85142 | OracleVM 3.3 : gnutls (OVMSA-2015-0101) | Nessus | OracleVM Local Security Checks | high |
| 85109 | Oracle Linux 6 : gnutls (ELSA-2015-1457) | Nessus | Oracle Linux Local Security Checks | high |
| 85023 | CentOS 6 : gnutls (CESA-2015:1457) | Nessus | CentOS Local Security Checks | high |
| 84949 | RHEL 6 : gnutls (RHSA-2015:1457) | Nessus | Red Hat Local Security Checks | high |
| 82639 | SuSE 11.3 Security Update : GnuTLS (SAT Patch Number 10536) | Nessus | SuSE Local Security Checks | medium |
| 82166 | Debian DLA-180-1 : gnutls26 security update | Nessus | Debian Local Security Checks | high |
| 82024 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : gnutls26, gnutls28 vulnerabilities (USN-2540-1) | Nessus | Ubuntu Local Security Checks | high |
| 81835 | Debian DSA-3191-1 : gnutls26 - security update | Nessus | Debian Local Security Checks | high |