Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.5
CVE Id: CVE-2012-3367
Last Modified: 14 Aug 2012 01:38:34
Published: 13 Aug 2012 04:55:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-3367

Summary

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System do not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

Vulnerable Systems

Application

  • Red Hat Certificate System 7.1
  • Red Hat Certificate System 7.2
  • Red Hat Certificate System 7.3
  • Red Hat Certificate System 8
  • Red Hat Certificate System 8.0
  • Red Hat Certificate System 8.1
  • Red Hat Dogtag Certificate System


References

CONFIRM - https://fedorahosted.org/pki/changeset/2430

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=836268

XF - rhcs-certificate-manager-sec-bypass(77102)

SECTRACK - 1027284

BID - 54608

SECUNIA - 50013

REDHAT - RHSA-2012:1103

OSVDB - 84098


Last Updated: 27 May 2016 10:51:40