CVE-2014-8155

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 2.9.10

Description The issue allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is either not yet valid or no longer valid, due to the failure to verify the activation and expiration dates of CA certificates.

Recommendations For versions prior to 2.9.10, update to version 2.9.10 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

CESA-2015_1457

CVE-2014-8155

DLA-180-1

RHSA-2015:1457

RHSA-2015_1457

SUSE-SU-2015_0675-1

USN-2540-1

Affected Products

Centos

Gnutls

Red Hat

Suse

Ubuntu

CVE-2014-8155

Weakness Enumeration

Related Identifiers

Affected Products

References · 32