Search for vulnerabilities
Vulnerability details: VCID-uxsr-unmu-aaak
Vulnerability ID VCID-uxsr-unmu-aaak
Aliases CVE-2015-0282
Summary GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-310 Cryptographic Issues
CWE-295 Improper Certificate Validation
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0282.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1457
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00344 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00344 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00344 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00344 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00461 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
epss 0.00897 https://api.first.org/data/v1/epss?cve=CVE-2015-0282
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1194371
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0294
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-0282
generic_textual Low https://ubuntu.com/security/notices/USN-2540-1
generic_textual Medium http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0282.html
http://rhn.redhat.com/errata/RHSA-2015-1457.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0282.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0294
https://ubuntu.com/security/notices/USN-2540-1
http://www.debian.org/security/2015/dsa-3191
http://www.gnutls.org/security.html
http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
http://www.securityfocus.com/bid/73119
http://www.securitytracker.com/id/1032148
1194371 https://bugzilla.redhat.com/show_bug.cgi?id=1194371
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
CVE-2015-0282 https://nvd.nist.gov/vuln/detail/CVE-2015-0282
RHSA-2015:1457 https://access.redhat.com/errata/RHSA-2015:1457
USN-2540-1 https://usn.ubuntu.com/2540-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-0282
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.42513
EPSS Score 0.00198
Published At May 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.