Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2091

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2091
Last Modified 13 Mar 2015 03:49:36
Published 13 Mar 2015 10:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2091

Summary

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.

Vulnerable Systems

Application

  • Apache Mod-gnutls 0.5.1


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578663

DEBIAN - DSA-3177

MISC - http://issues.outoforder.cc/view.php?id=93


Last Updated: 27 May 2016 11:08:05