CVE-2017-1000415: XSS
First published: Tue Jan 09 2018(Updated: )
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Matrixssl Matrixssl | =3.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1000415?
The severity of CVE-2017-1000415 is classified as medium due to improper validation in the X.509 certificate expiration process.
How do I fix CVE-2017-1000415?
To fix CVE-2017-1000415, upgrade MatrixSSL to a version beyond 3.7.2 that addresses the date range validation issue.
What is the impact of CVE-2017-1000415 on security?
The impact of CVE-2017-1000415 allows attackers to exploit certificate validation flaws and potentially issue valid certificates that appear to be current.
Which versions of MatrixSSL are affected by CVE-2017-1000415?
MatrixSSL version 3.7.2 is affected by CVE-2017-1000415, specifically due to its incorrect UTCTime date range validation.
Where can I find more information about CVE-2017-1000415?
More information about CVE-2017-1000415 can typically be found in security advisories or vulnerability databases related to MatrixSSL.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/matrixssl
- canonical/matrixssl matrixssl
- version/matrixssl matrixssl/3.7.2