Sid 1-50946

Message

SERVER-OTHER GnuTLS x509 certificate validation policy bypass attempt

Summary

This event is generated when a crafted certificate is used to bypass policy validation in an application using GnuTLS.

Impact

Attempted User Privilege Gain

CVE-2014-0092:

CVSS base score 5.8

CVSS impact score 4.9

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Detailed information

CVE-2014-0092: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected systems

  • gnu gnutls 3.1.0
  • gnu gnutls 3.1.1
  • gnu gnutls 3.1.2
  • gnu gnutls 3.1.3
  • gnu gnutls 3.1.4
  • gnu gnutls 3.1.5
  • gnu gnutls 3.1.6
  • gnu gnutls 3.1.7
  • gnu gnutls 3.1.8
  • gnu gnutls 3.1.9
  • gnu gnutls 3.1.10
  • gnu gnutls 3.1.11
  • gnu gnutls 3.1.12
  • gnu gnutls 3.1.13
  • gnu gnutls 3.1.14
  • gnu gnutls 3.1.15
  • gnu gnutls 3.1.16
  • gnu gnutls 3.1.17
  • gnu gnutls 3.1.18
  • gnu gnutls 3.1.19
  • gnu gnutls 3.1.20
  • gnu gnutls 3.1.21
  • gnu gnutls 3.2.0
  • gnu gnutls 3.2.1
  • gnu gnutls 3.2.2
  • gnu gnutls 3.2.3
  • gnu gnutls 3.2.4
  • gnu gnutls 3.2.5
  • gnu gnutls 3.2.6
  • gnu gnutls 3.2.7
  • gnu gnutls 3.2.8
  • gnu gnutls 3.2.8.1
  • gnu gnutls 3.2.9
  • gnu gnutls 3.2.10
  • gnu gnutls 3.2.11

Ease of attack

CVE-2014-0092:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References