Lucene search

Ubuntu.comUB:CVE-2017-1000415

HistoryJan 09, 2018 - 12:00 a.m.

CVE-2017-1000415

2018-01-0900:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.9%

JSON

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in
its X.509 certificate validation process resulting in some certificates
have their expiration (beginning) year extended (delayed) by 100 years.

References

launchpad.net/bugs/cve/CVE-2017-1000415

nvd.nist.gov/vuln/detail/CVE-2017-1000415

security-tracker.debian.org/tracker/CVE-2017-1000415

www.cve.org/CVERecord?id=CVE-2017-1000415

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.9%

JSON

Related for UB:CVE-2017-1000415