CVE-2009-5144

Description

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

• How can I get the fixes?
• What do statuses mean?
• Patch details

Patch details

Severity score breakdown

CVSS version: CVSS v3.0

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• https://www.cve.org/CVERecord?id=CVE-2009-5144