Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201508-6
HistoryAug 14, 2015 - 12:00 a.m.

freeradius: insufficient CRL validation

2015-08-1400:00:00
Arch Linux
lists.archlinux.org
39

0.004 Low

EPSS

Percentile

73.9%

JSON

The FreeRADIUS server relies on OpenSSL to perform certificate
validation, including Certificate Revocation List (CRL) checks. The
FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to
leaf certificates, therefore not detecting revocation of intermediate CA
certificates.
An unexpired client certificate, issued by an intermediate CA with a
revoked certificate, is therefore accepted by FreeRADIUS.

OSVersionArchitecturePackageVersionFilename
anyanyanyfreeradius< 3.0.9-1UNKNOWN

Related

prion 1
nessus 7
mageia 1
securityvulns 2
freebsd 1
suse 1
nvd 1
cvelist 1
debiancve 1
cve 1
openvas 4
ubuntucve 1
osv 1
debian 1
prion
prion
Design/Logic Flaw
2017-04-05 17:59:00
nessus
nessus
FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)
2015-07-14 00:00:00
RHEL 6 : freeradius (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:0102-1)
2017-01-11 00:00:00
mageia
mageia
Updated freeradius package fixes security vulnerability
2015-07-29 00:01:59
securityvulns
securityvulns
FreeRADIUS
2015-06-29 00:00:00
[oCERT-2015-008] FreeRADIUS insufficent CRL application
2015-06-29 00:00:00
freebsd
freebsd
freeradius -- insufficient CRL application vulnerability
2015-06-22 00:00:00
suse
suse
Security update for freeradius-server (important)
2017-01-10 19:09:23
nvd
nvd
CVE-2015-4680
2017-04-05 17:59:00
cvelist
cvelist
CVE-2015-4680
2017-04-05 17:00:00
debiancve
debiancve
CVE-2015-4680
2017-04-05 17:59:00
cve
cve
CVE-2015-4680
2017-04-05 17:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0291)
2015-10-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0102-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1777-1)
2021-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2015-4680
2017-04-05 00:00:00
osv
osv
freeradius - security update
2017-06-05 00:00:00
debian
debian
[SECURITY] [DLA 977-1] freeradius security update
2017-06-05 16:33:07

0.004 Low

EPSS

Percentile

73.9%

JSON
Related for ASA-201508-6
prion1nessus7mageia1securityvulns2freebsd1suse1nvd1cvelist1debiancve1cve1openvas4ubuntucve1osv1debian1