Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-2091

Published: 13/03/2015 Updated: 19/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Mod-gnutls

Vulnerability Summary

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and previous versions does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote malicious users to spoof clients via a crafted certificate.

Vulnerable Product Search on Vulmon Subscribe to Product

apache mod-gnutls

Vendor Advisories

Debian Security Advisories: DSA-3177-1 mod-gnutls -- security update
Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory For the ...

References

CWE-310http://issues.outoforder.cc/view.php?id=93http://www.debian.org/security/2015/dsa-3177https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578663https://security.gentoo.org/glsa/201709-04https://www.debian.org/security/./dsa-3177https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook