6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.7%
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when “GnuTLSClientVerify require” is set, which allows remote attackers to spoof clients via a crafted certificate.
issues.outoforder.cc/view.php?id=93
www.debian.org/security/2015/dsa-3177
bugs.debian.org/cgi-bin/bugreport.cgi?bug=578663
security.gentoo.org/glsa/201709-04