CVE-2014-8155
gnutls: gnutls does not perform date/time checks on CA certificates
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Vulnerabilidad en GnuTLS en versiones anteriores a 2.9.10, no verifica las fechas de activación y expiración de certificados CA, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un certificado expedido por un certificado CA que (1) aún no es válido o (2) ya no es válido.
It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2015-03-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
- CWE-325: Missing Cryptographic Step
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/73317 | Vdb Entry | |
| https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c | X_refsource_confirm | |
| https://support.f5.com/csp/article/K53330207 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-1457.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2014-8155 | 2015-07-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1197995 | 2015-07-21 |