Lucene search

[email protected]CVE-2009-1417

HistoryApr 30, 2009 - 8:30 p.m.

CVE-2009-1417

2009-04-3020:30:00

CWE-310

[email protected]

web.nvd.nist.gov

gnutls

x.509

certificate validation

security vulnerability

nvd

cve-2009-1417

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and © libsoup.

Affected configurations

NVD

Node

gnugnutlsRange≤2.6.5

gnugnutlsMatch1.0.16

gnugnutlsMatch1.0.17

gnugnutlsMatch1.0.18

gnugnutlsMatch1.0.19

gnugnutlsMatch1.0.20

gnugnutlsMatch1.0.21

gnugnutlsMatch1.0.22

gnugnutlsMatch1.0.23

gnugnutlsMatch1.0.24

gnugnutlsMatch1.0.25

gnugnutlsMatch1.1.13

gnugnutlsMatch1.1.14

gnugnutlsMatch1.1.15

gnugnutlsMatch1.1.16

gnugnutlsMatch1.1.17

gnugnutlsMatch1.1.18

gnugnutlsMatch1.1.19

gnugnutlsMatch1.1.20

gnugnutlsMatch1.1.21

gnugnutlsMatch1.1.22

gnugnutlsMatch1.1.23

gnugnutlsMatch1.2.0

gnugnutlsMatch1.2.1

gnugnutlsMatch1.2.2

gnugnutlsMatch1.2.3

gnugnutlsMatch1.2.4

gnugnutlsMatch1.2.5

gnugnutlsMatch1.2.6

gnugnutlsMatch1.2.7

gnugnutlsMatch1.2.8

gnugnutlsMatch1.2.8.1a1

gnugnutlsMatch1.2.9

gnugnutlsMatch1.2.10

gnugnutlsMatch1.2.11

gnugnutlsMatch1.3.0

gnugnutlsMatch1.3.1

gnugnutlsMatch1.3.2

gnugnutlsMatch1.3.3

gnugnutlsMatch1.3.4

gnugnutlsMatch1.3.5

gnugnutlsMatch1.4.0

gnugnutlsMatch1.4.1

gnugnutlsMatch1.4.2

gnugnutlsMatch1.4.3

gnugnutlsMatch1.4.4

gnugnutlsMatch1.4.5

gnugnutlsMatch1.5.0

gnugnutlsMatch1.5.1

gnugnutlsMatch1.5.2

gnugnutlsMatch1.5.3

gnugnutlsMatch1.5.4

gnugnutlsMatch1.5.5

gnugnutlsMatch1.6.0

gnugnutlsMatch1.6.1

gnugnutlsMatch1.6.2

gnugnutlsMatch1.6.3

gnugnutlsMatch1.7.0

gnugnutlsMatch1.7.1

gnugnutlsMatch1.7.2

gnugnutlsMatch1.7.3

gnugnutlsMatch1.7.4

gnugnutlsMatch1.7.5

gnugnutlsMatch1.7.6

gnugnutlsMatch1.7.7

gnugnutlsMatch1.7.8

gnugnutlsMatch1.7.9

gnugnutlsMatch1.7.10

gnugnutlsMatch1.7.11

gnugnutlsMatch1.7.12

gnugnutlsMatch1.7.13

gnugnutlsMatch1.7.14

gnugnutlsMatch1.7.15

gnugnutlsMatch1.7.16

gnugnutlsMatch1.7.17

gnugnutlsMatch1.7.18

gnugnutlsMatch1.7.19

gnugnutlsMatch2.0.0

gnugnutlsMatch2.0.1

gnugnutlsMatch2.0.2

gnugnutlsMatch2.0.3

gnugnutlsMatch2.0.4

gnugnutlsMatch2.1.0

gnugnutlsMatch2.1.1

gnugnutlsMatch2.1.2

gnugnutlsMatch2.1.3

gnugnutlsMatch2.1.4

gnugnutlsMatch2.1.5

gnugnutlsMatch2.1.6

gnugnutlsMatch2.1.7

gnugnutlsMatch2.1.8

gnugnutlsMatch2.2.0

gnugnutlsMatch2.2.1

gnugnutlsMatch2.2.2

gnugnutlsMatch2.2.3

gnugnutlsMatch2.2.4

gnugnutlsMatch2.2.5

gnugnutlsMatch2.3.0

gnugnutlsMatch2.3.1

gnugnutlsMatch2.3.2

gnugnutlsMatch2.3.3

gnugnutlsMatch2.3.4

gnugnutlsMatch2.3.5

gnugnutlsMatch2.3.6

gnugnutlsMatch2.3.7

gnugnutlsMatch2.3.8

gnugnutlsMatch2.3.9

gnugnutlsMatch2.3.10

gnugnutlsMatch2.3.11

gnugnutlsMatch2.4.0

gnugnutlsMatch2.4.1

gnugnutlsMatch2.4.2

gnugnutlsMatch2.6.0

gnugnutlsMatch2.6.1

gnugnutlsMatch2.6.2

gnugnutlsMatch2.6.3

gnugnutlsMatch2.6.4

CPENameOperatorVersion
gnu:gnutlsgnu gnutlsle2.6.5
gnu:gnutlsgnu gnutlseq1.0.16
gnu:gnutlsgnu gnutlseq1.0.17
gnu:gnutlsgnu gnutlseq1.0.18
gnu:gnutlsgnu gnutlseq1.0.19
gnu:gnutlsgnu gnutlseq1.0.20
gnu:gnutlsgnu gnutlseq1.0.21
gnu:gnutlsgnu gnutlseq1.0.22
gnu:gnutlsgnu gnutlseq1.0.23
gnu:gnutlsgnu gnutlseq1.0.24

CPE	Name	Operator	Version
gnu:gnutls	gnu gnutls	le	2.6.5
gnu:gnutls	gnu gnutls	eq	1.0.16
gnu:gnutls	gnu gnutls	eq	1.0.17
gnu:gnutls	gnu gnutls	eq	1.0.18
gnu:gnutls	gnu gnutls	eq	1.0.19
gnu:gnutls	gnu gnutls	eq	1.0.20
gnu:gnutls	gnu gnutls	eq	1.0.21
gnu:gnutls	gnu gnutls	eq	1.0.22
gnu:gnutls	gnu gnutls	eq	1.0.23
gnu:gnutls	gnu gnutls	eq	1.0.24