Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11235

HistoryJan 15, 2019 - 8:58 a.m.

Information Leakage

2019-01-1508:58:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

The GnuTLS library is susceptible to information leakage. When CBC-mode cipher is used, attacker can use a TLS/SSL server as a padding oracle to decrypt the encrypted packets.

CPENameOperatorVersion
gnutlseq2.8.5__4.el6
gnutlseq1.4.1__3.el5_4.8
gnutlseq2.8.5__4.el6_2.2
gnutlseq1.4.1__7.el5_8.2
gnutlseq1.4.1__3.el5_3.5
gnutlseq1.4.1__3.el5_2.1
gnutlseq1.4.1__3.el5_1

References

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html

lists.opensuse.org/opensuse-updates/2013-05/msg00023.html

nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html

openwall.com/lists/oss-security/2013/02/05/24

rhn.redhat.com/errata/RHSA-2013-0588.html

secunia.com/advisories/57260

secunia.com/advisories/57274

www.gnutls.org/security.html#GNUTLS-SA-2013-1

www.isg.rhul.ac.uk/tls/TLStiming.pdf

www.ubuntu.com/usn/USN-1752-1

access.redhat.com/security/updates/classification/#moderate

gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0

gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198

rhn.redhat.com/errata/RHSA-2013-0588.html

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

Related for VERACODE:11235

fedora9 nessus26 openvas48 centos2 securityvulns2 ubuntu1 oraclelinux4 slackware3 amazon2 redhat4 ubuntucve1 prion1 f52 cve1 suse4 gentoo1 debiancve1