Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-1417

Good to know:

icon

Date: April 30, 2009

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

Language: C

Severity Score

Related Resources (11)

http://www.securitytracker.com/id?1022159
http://secunia.com/advisories/34842
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261
https://nvd.nist.gov/vuln/detail/CVE-2009-1417
http://www.securityfocus.com/bid/34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://secunia.com/advisories/35211
http://www.vupen.com/english/advisories/2009/1218
http://security.gentoo.org/glsa/glsa-200905-04.xml
https://www.mend.io/vulnerability-database/CVE-2009-1417

Severity Score

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Top Fix

icon

Upgrade Version

Upgrade to version 2.8.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us