CVE Vulnerabilities

CVE-2015-2091

Published: Mar 13, 2015 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when GnuTLSClientVerify require is set, which allows remote attackers to spoof clients via a crafted certificate.

Affected Software

Name Vendor Start Version End Version
Mod-gnutls Apache * 0.5.1 (including)
Mod-gnutls Ubuntu artful *
Mod-gnutls Ubuntu lucid *
Mod-gnutls Ubuntu precise *
Mod-gnutls Ubuntu trusty *
Mod-gnutls Ubuntu upstream *
Mod-gnutls Ubuntu utopic *
Mod-gnutls Ubuntu vivid *
Mod-gnutls Ubuntu wily *
Mod-gnutls Ubuntu yakkety *
Mod-gnutls Ubuntu zesty *

References