Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24864
HistoryApr 10, 2020 - 1:07 a.m.

CRL Validation Bypass

2020-04-1001:07:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

OpenSSL is vulnerable to CRL validation bypass. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause anapplication using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past.

References

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N