
CVE-2015-0282

Published: 24/03/2015 | Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

GnuTLS prior to 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote malicious users to conduct downgrade attacks via unspecified vectors.

Vulnerable Product

gnu gnutls

Vendor Advisories

Several security issues were fixed in GnuTLS ...
It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired (CVE-2014-8155). It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing alg ...
It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification ...