CVE-2015-0961

Опубликовано: 25 мая 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Комментарий

CWE-295: Improper Certificate Validation

Ссылки

http://www.kb.cert.org/vuls/id/534407
Third Party Advisory
US Government Resource
https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
Vendor Advisory
https://techlib.barracuda.com/BWF/UpdateSSLCerts
Vendor Advisory
https://www.barracuda.com/support/techalerts
Vendor Advisory
http://www.kb.cert.org/vuls/id/534407
Third Party Advisory
US Government Resource
https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
Vendor Advisory
https://techlib.barracuda.com/BWF/UpdateSSLCerts
Vendor Advisory
https://www.barracuda.com/support/techalerts
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:barracuda:web_filter:*:*:*:*:*:*:*:*

Версия до 8.0.003 (включая)

EPSS

Процентиль: 41%

0.00189

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xwgw-cx39-c2gx

github

больше 3 лет назад