Vulnerabilities > CVE-2009-5144 - 7PK - Security Features vulnerability in MOD Gnutls Project MOD Gnutls

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

mod-gnutls-project

CWE-254

NVD

Published: 2018-02-03

Updated: 2018-03-13

Summary

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Mod_Gnutls_Project MOD Gnutls Project MOD Gnutls -	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://bugzilla.redhat.com/show_bug.cgi?id=1197127
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578663
http://www.openwall.com/lists/oss-security/2015/02/26/6
http://issues.outoforder.cc/view.php?id=93