Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-4680
HistoryApr 05, 2017 - 12:00 a.m.

CVE-2015-4680

2017-04-0500:00:00
ubuntu.com
ubuntu.com
13

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.9%

JSON

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly
check revocation of intermediate CA certificates.

Bugs

Notes

Author Note
tyhicks Upstream states that the recommended configuration is not affected. Only configurations using certs from a public CA are affected and upstream says that such configurations are not recommended.
mdeslaur we will not be fixing this issue in Ubuntu 14.04 LTS. Users are advised to follow upstream recommendations or to update to a later Ubuntu release.

Related

prion 1
securityvulns 2
nessus 7
mageia 1
cvelist 1
archlinux 1
debiancve 1
freebsd 1
suse 1
nvd 1
openvas 4
cve 1
osv 1
debian 1
prion
prion
Design/Logic Flaw
2017-04-05 17:59:00
securityvulns
securityvulns
FreeRADIUS
2015-06-29 00:00:00
[oCERT-2015-008] FreeRADIUS insufficent CRL application
2015-06-29 00:00:00
nessus
nessus
RHEL 6 : freeradius (Unpatched Vulnerability)
2024-06-03 00:00:00
FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)
2015-07-14 00:00:00
SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:0102-1)
2017-01-11 00:00:00
mageia
mageia
Updated freeradius package fixes security vulnerability
2015-07-29 00:01:59
cvelist
cvelist
CVE-2015-4680
2017-04-05 17:00:00
archlinux
archlinux
freeradius: insufficient CRL validation
2015-08-14 00:00:00
debiancve
debiancve
CVE-2015-4680
2017-04-05 17:59:00
freebsd
freebsd
freeradius -- insufficient CRL application vulnerability
2015-06-22 00:00:00
suse
suse
Security update for freeradius-server (important)
2017-01-10 19:09:23
nvd
nvd
CVE-2015-4680
2017-04-05 17:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0291)
2015-10-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0102-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1777-1)
2021-06-09 00:00:00
cve
cve
CVE-2015-4680
2017-04-05 17:59:00
osv
osv
freeradius - security update
2017-06-05 00:00:00
debian
debian
[SECURITY] [DLA 977-1] freeradius security update
2017-06-05 16:33:07

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.9%

JSON
Related for UB:CVE-2015-4680
prion1securityvulns2nessus7mageia1cvelist1archlinux1debiancve1freebsd1suse1nvd1openvas4cve1osv1debian1