43 matches found
CVE-2026-33308
A flaw was found in modgnutls, a TLS module for Apache HTTPD. Prior to version 0.13.0, the module's client certificate verification process did not properly validate the key purpose specified in the Extended Key Usage EKU extension. This oversight could allow a remote attacker, possessing a valid...
CVE-2026-33307
A flaw was found in modgnutls, a TLS module for Apache HTTPD. A remote attacker could exploit this vulnerability by sending a specially crafted client certificate chain to a server configured to use client certificates. This could lead to a buffer overflow due to the module not properly checking...
CVE-2026-33308
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33307
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
CVE-2026-33307
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
UBUNTU-CVE-2026-33307
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
CVE-2026-33308
CVE-2026-33308 affects mod_gnutls, a TLS module for Apache HTTPD based on GnuTLS. Prior to 0.13.0, the client-certificate verification code did not enforce the Extended Key Usage EKU key purpose; if an attacker possessed the private key of a valid certificate from a trusted CA but intended for a ...
EUVD-2026-14694
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33307
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
EUVD-2015-2201
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-25824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS...
Debian: Security Advisory (DLA-170-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
PT-2023-20329 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Mod gnutls versions 0.9.0 through 0.12.0 Description: Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. It did not properly fail blocking read operations on TLS connections when the transport hit timeouts, entering an endless loop...
Apache mod-gnutls Certificate Spoofing Vulnerability
Apache mod-gnutls is an extension to Apache httpd which provides HTTPS services through the use of the GnuTLS library from the Apache Software Foundation USA. A security vulnerability exists in Apache mod-gnutls that stems from the program's failure to validate client certificates. A remote...
Design/Logic Flaw
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...
CVE-2009-5144
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...