GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.
CVE ID:CVE-2014-0092**
DESCRIPTION: GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.**** **
CVE-2014-0092 CVSS: _
CVSS Base Score: 4.3
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/91486 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM WebSphere Application Server Hypervisor Images for Version 8.5.5, 8.5, 8.0 and 7.0 include this affected library.
Upgrade to the fixed level of Red Hat:
Red Hat Version 5 Customer Portal
Red Hat Version 6 Customer Portal
none