Lucene search
Ubuntu.comUB:CVE-2014-8155HistoryDec 31, 2014 - 12:00 a.m.
CVE-2014-8155
2014-12-3100:00:00
ubuntu.com
ubuntu.com
17
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
46.7%
GnuTLS before 2.9.10 does not verify the activation and expiration dates of
CA certificates, which allows man-in-the-middle attackers to spoof servers
via a certificate issued by a CA certificate that is (1) not yet valid or
(2) no longer valid.
Notes
| Author | Note |
|---|---|
| tyhicks | Fixed upstream in 2.9.10 |
Related
nessus
nessus
F5 Networks BIG-IP : GnuTLS vulnerability (K53330207)
2019-04-09 00:00:00
CentOS 6 : gnutls (CESA-2015:1457)
2015-07-28 00:00:00
Amazon Linux AMI : gnutls (ALAS-2015-575)
2015-08-05 00:00:00
cvelist
cvelist
CVE-2014-8155
2015-08-14 18:00:00
debiancve
debiancve
CVE-2014-8155
2015-08-14 18:59:01
f5
f5
K53330207 : GnuTLS vulnerability CVE-2014-8155
2019-04-08 00:00:00
prion
prion
Design/Logic Flaw
2015-08-14 18:59:00
cve
cve
CVE-2014-8155
2015-08-14 18:59:01
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:06:46
Improper Signature Validation
2019-05-02 05:41:06
Improper Signature Validation
2019-05-02 05:41:06
nvd
nvd
CVE-2014-8155
2015-08-14 18:59:01
redhat
redhat
(RHSA-2015:1457) Moderate: gnutls security and bug fix update
2015-07-22 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1457)
2015-10-06 00:00:00
RedHat Update for gnutls RHSA-2015:1457-01
2015-07-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0675-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DLA 180-1] gnutls26 security update
2015-03-25 07:50:25
amazon
amazon
Medium: gnutls
2015-08-04 11:36:00
centos
centos
gnutls security update
2015-07-26 14:11:38
ubuntu
ubuntu
GnuTLS vulnerabilities
2015-03-23 00:00:00
osv
osv
gnutls26 - security update
2015-03-25 00:00:00
oraclelinux
oraclelinux
gnutls security and bug fix update
2015-07-28 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
46.7%
Related for UB:CVE-2014-8155