Vulnerability Details CVE-2015-4680
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
- http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html
- http://www.ocert.org/advisories/ocert-2015-008.html
- http://www.securityfocus.com/archive/1/535810/100/0/threaded
- http://www.securityfocus.com/bid/75327
- http://www.securitytracker.com/id/1032690
- https://bugzilla.redhat.com/show_bug.cgi?id=1234975
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
- http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html
- http://www.ocert.org/advisories/ocert-2015-008.html
- http://www.securityfocus.com/archive/1/535810/100/0/threaded
- http://www.securityfocus.com/bid/75327
- http://www.securitytracker.com/id/1032690
- https://bugzilla.redhat.com/show_bug.cgi?id=1234975
Products affected by CVE-2015-4680
-
cpe:2.3:a:freeradius:freeradius:2.2.0
-
cpe:2.3:a:freeradius:freeradius:2.2.1
-
cpe:2.3:a:freeradius:freeradius:2.2.2
-
cpe:2.3:a:freeradius:freeradius:2.2.3
-
cpe:2.3:a:freeradius:freeradius:2.2.4
-
cpe:2.3:a:freeradius:freeradius:2.2.5
-
cpe:2.3:a:freeradius:freeradius:2.2.6
-
cpe:2.3:a:freeradius:freeradius:2.2.7
-
cpe:2.3:a:freeradius:freeradius:3.0.0
-
cpe:2.3:a:freeradius:freeradius:3.0.1
-
cpe:2.3:a:freeradius:freeradius:3.0.2
-
cpe:2.3:a:freeradius:freeradius:3.0.3
-
cpe:2.3:a:freeradius:freeradius:3.0.4
-
cpe:2.3:a:freeradius:freeradius:3.0.5
-
cpe:2.3:a:freeradius:freeradius:3.0.6
-
cpe:2.3:a:freeradius:freeradius:3.0.7
-
cpe:2.3:a:freeradius:freeradius:3.0.8
-
cpe:2.3:o:suse:linux_enterprise_server:12
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12