Lucene search

[email protected]CVE-2009-0588

HistoryMay 27, 2009 - 4:30 p.m.

CVE-2009-0588

2009-05-2716:30:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve

vulnerability

red hat certificate system

dogtag certificate system

remote authenticated users

certificate requests

security

ra component

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.2%

JSON

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

CPENameOperatorVersion
redhat:certificate_systemredhat certificate systemeq7.3
redhat:dogtag_certificate_systemredhat dogtag certificate systemeq*

CPE	Name	Operator	Version
redhat:certificate_system	redhat certificate system	eq	7.3
redhat:dogtag_certificate_system	redhat dogtag certificate system	eq	*

References

secunia.com/advisories/35242

secunia.com/advisories/35263

www.redhat.com/support/errata/RHSA-2009-1065.html

www.securityfocus.com/bid/35104

www.securitytracker.com/id?1022278

bugzilla.redhat.com/show_bug.cgi?id=484828

bugzilla.redhat.com/show_bug.cgi?id=488706

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2009-0588

seebug1 prion1 cvelist1