CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
75.5%
CVE-2015-0282 Multiple GnuTLS Vulnerabilities
Medium
Canonical Ubuntu
Several security issues were fixed in GnuTLS. This issue only affects versions of GnuTLS prior to 3.1.0 (released in 2012). These versions donβt verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm, such as MD5, without detecting it.
_Severity is medium unless otherwise noted.
_
Users of affected versions should apply the following mitigation:
Nikos Mavrogiannopoulos