Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11175

HistoryJan 15, 2019 - 8:58 a.m.

Man-in-the-Middle (MitM)

2019-01-1508:58:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

gnutls is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CPENameOperatorVersion
gnutlseq1.4.1__3.el5_4.8
gnutlseq1.4.1__7.el5_8.2
gnutlseq2.8.5__10.el6_4.2
gnutlseq2.8.5__4.el6_2.2
gnutlseq1.0.20__4.el4_8.3
gnutlseq1.4.1__10.el5_9.1
gnutlseq1.4.1__3.el5_3.5
gnutlseq2.8.5__4.el6
gnutlseq2.8.5__10.el6_4.1
gnutlseq1.0.20__4.el4_8.7

Rows per page:

1-10 of 161

References

gnutls.org/security.html#GNUTLS-SA-2014-2

lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html

rhn.redhat.com/errata/RHSA-2014-0246.html

rhn.redhat.com/errata/RHSA-2014-0247.html

rhn.redhat.com/errata/RHSA-2014-0288.html

rhn.redhat.com/errata/RHSA-2014-0339.html

secunia.com/advisories/56933

secunia.com/advisories/57103

secunia.com/advisories/57204

secunia.com/advisories/57254

secunia.com/advisories/57260

secunia.com/advisories/57274

secunia.com/advisories/57321

www.debian.org/security/2014/dsa-2869

www.securityfocus.com/bid/65919

www.ubuntu.com/usn/USN-2127-1

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1069865

rhn.redhat.com/errata/RHSA-2014-0246.html

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N