CVE-2015-2091

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score

0.7%

Exploitation probability in 30 days

Top 28% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: March 13, 2015 (4081 days ago)

Last Modified: May 6, 2026

Vendor: Apache

Source: NVD

Description

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.

CWE

CWE-310

Affected Products

apache mod-gnutls

References

🔗 issues.outoforder.cc 🔗 www.debian.org 🔗 bugs.debian.org 🔗 security.gentoo.org 🔗 issues.outoforder.cc

CVE-2015-2091

Vulnerability Report

Description

CWE

Affected Products

References