CVE-2015-4680

Опубликовано: 05 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
Third Party Advisory
http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html
Patch
Third Party Advisory
VDB Entry
http://www.ocert.org/advisories/ocert-2015-008.html
Patch
Third Party Advisory
http://www.securityfocus.com/archive/1/535810/100/0/threaded
http://www.securityfocus.com/bid/75327
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032690
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1234975
Issue Tracking
Patch
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
Third Party Advisory
http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html
Patch
Third Party Advisory
VDB Entry
http://www.ocert.org/advisories/ocert-2015-008.html
Patch
Third Party Advisory
http://www.securityfocus.com/archive/1/535810/100/0/threaded
http://www.securityfocus.com/bid/75327
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032690
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1234975
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.0038

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2015-4680

CVSS3: 7.5

ubuntu

почти 9 лет назад

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

CVE-2015-4680

redhat

больше 10 лет назад

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

CVE-2015-4680

CVSS3: 7.5

debian

почти 9 лет назад

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...

SUSE-SU-2017:0102-1

suse-cvrf

около 9 лет назад

Security update for freeradius-server

GHSA-58q5-m5pm-jwpv

CVSS3: 7.5

github

больше 3 лет назад

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

EPSS

Процентиль: 59%

0.0038

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295