CVE-2017-1000415

{"id": "CVE-2017-1000415", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-01-09T20:29:00.207", "references": [{"url": "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=FW--c_F_cY8", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years."}, {"lang": "es", "value": "MatrixSSL 3.7.2 tiene una validaci\u00f3n de rango de fecha UTCTime incorrecta en su proceso de validaci\u00f3n del certificado X.509. Esto resulta en que algunos certificados ampl\u00edan (retrasan) su a\u00f1o de expiraci\u00f3n (comienzo) en 100 a\u00f1os."}], "lastModified": "2018-01-26T19:58:17.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matrixssl:matrixssl:3.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BE4A5B2-03D3-4F69-966B-D10643266C35"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}