GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
References
Configurations
History
13 Feb 2023, 00:43
Type | Values Removed | Values Added |
---|---|---|
Summary | GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | |
References |
|
02 Feb 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. | |
References |
|
Information
Published : 2015-08-14 18:59
Updated : 2023-12-10 11:46
NVD link : CVE-2014-8155
Mitre link : CVE-2014-8155
CVE.ORG link : CVE-2014-8155
JSON object : View
Products Affected
gnu
- gnutls
CWE
CWE-17
DEPRECATED: Code