CVE-2009-5144

Опубликовано: 03 фев. 2018

Источник: ubuntu

Приоритет: high

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

Релиз	Статус	Примечание
devel	not-affected	0.5.10-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [0.5.10-1]]
lucid	ignored	end of life
precise	not-affected	0.5.10-1
trusty	not-affected	0.5.10-1
trusty/esm	DNE	trusty was not-affected [0.5.10-1]
upstream	released	0.5.6
utopic	not-affected	0.5.10-1
vivid	not-affected	0.5.10-1

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2009-5144

EPSS

Процентиль: 38%

0.00163

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2009-5144

CVSS3: 7.5

nvd

почти 8 лет назад

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

CVE-2009-5144

CVSS3: 7.5

debian

почти 8 лет назад

mod-gnutls does not validate client certificates when "GnuTLSClientVer ...

GHSA-8pjf-mf88-ccv8

CVSS3: 7.5

github

больше 3 лет назад

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

EPSS

Процентиль: 38%

0.00163

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2009-5144

Описание

Пакет mod-gnutls

Ссылки на источники

Связанные уязвимости