ibmIBM68635D9CC5B8097E02BBA852997A8E52AD4C84FEE46843D04EF0F9625ABC9F55
History: Jun 03, 2021 - 3:23 p.m.

Security Bulletin: IBM WebSphere Application Server Hypervisor GnuTLS certificate security bypass CVE-2014-0092

2021-06-03 15:23:50
www.ibm.com
CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.114 Low
Percentile: 94.4%

Summary

GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.

Vulnerability Details

CVE ID: CVE-2014-0092

DESCRIPTION: GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.
CVE-2014-0092 CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91486 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM WebSphere Application Server Hypervisor Images for Version 8.5.5, 8.5, 8.0 and 7.0 include this affected library.

Remediation/Fixes

Upgrade to the fixed level of Red Hat:
Red Hat Version 5 Customer Portal
Red Hat Version 6 Customer Portal

Workarounds and Mitigations

none
