Описание
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.5.10-1.1+deb7u1 |
| cosmic | not-affected | 0.5.10-1.1+deb7u1 |
| devel | not-affected | 0.5.10-1.1+deb7u1 |
| disco | not-affected | 0.5.10-1.1+deb7u1 |
| esm-apps/bionic | not-affected | 0.5.10-1.1+deb7u1 |
| esm-apps/xenial | not-affected | 0.5.10-1.1+deb7u1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earl ...
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
EPSS
5 Medium
CVSS2