CVE-2014-8155 in GnuTLS
Resumen (Inglés)
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Reservar
2014-10-10
Divulgación
2015-08-14
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 77248 | GnuTLS CA Certificate Expiry Date Ejecución remota de código | 17 | No está definido | Arreglo oficial | CVE-2014-8155 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV