Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-5484
HistoryJan 27, 2013 - 6:55 p.m.

CVE-2012-5484

2013-01-2718:55:02
CWE-310
[email protected]
web.nvd.nist.gov
31
cve-2012-5484
freeipa
certification authority
ca certificate
man-in-the-middle
spoof
join procedure
nvd

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Affected configurations

NVD
Node
redhatfreeipaMatch2.0.0
OR
redhatfreeipaMatch2.0.1
OR
redhatfreeipaMatch2.1.0
OR
redhatfreeipaMatch2.1.1
OR
redhatfreeipaMatch2.1.3
OR
redhatfreeipaMatch2.1.4
OR
redhatfreeipaMatch2.2.1
Node
redhatfreeipaMatch3.0.0
OR
redhatfreeipaMatch3.0.1
OR
redhatfreeipaMatch3.0.2
OR
redhatfreeipaMatch3.1.1

Related

nessus 10
openvas 17
ubuntucve 1
redhat 2
veracode 1
oraclelinux 3
fedora 3
prion 1
cvelist 1
centos 2
nvd 1
nessus
nessus
CentOS 5 : ipa-client (CESA-2013:0189)
2013-01-24 00:00:00
Scientific Linux Security Update : ipa-client on SL5.x i386/x86_64 (20130123)
2013-01-25 00:00:00
RHEL 6 : ipa (RHSA-2013:0188)
2013-01-24 00:00:00
openvas
openvas
RedHat Update for ipa-client RHSA-2013:0189-01
2013-01-24 00:00:00
CentOS Update for ipa-client CESA-2013:0189 centos5
2013-01-24 00:00:00
RedHat Update for ipa RHSA-2013:0188-01
2013-01-24 00:00:00
ubuntucve
ubuntucve
CVE-2012-5484
2013-01-27 00:00:00
redhat
redhat
(RHSA-2013:0189) Important: ipa-client security update
2013-01-23 00:00:00
(RHSA-2013:0188) Important: ipa security update
2013-01-23 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 08:54:07
oraclelinux
oraclelinux
ipa security update
2013-01-23 00:00:00
ipa-client security update
2013-01-23 00:00:00
ipa security, bug fix and enhancement update
2013-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: freeipa-2.2.2-1.fc17
2013-02-23 00:53:04
[SECURITY] Fedora 18 Update: freeipa-3.1.2-1.fc18
2013-02-02 04:23:27
[SECURITY] Fedora 18 Update: freeipa-3.1.3-4.fc18
2013-04-11 10:07:12
prion
prion
Design/Logic Flaw
2013-01-27 18:55:00
cvelist
cvelist
CVE-2012-5484
2013-01-27 18:00:00
centos
centos
ipa security update
2013-01-24 03:12:49
ipa security update
2013-01-23 23:41:10
nvd
nvd
CVE-2012-5484
2013-01-27 18:55:02

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON
Related for CVE-2012-5484
nessus10openvas17ubuntucve1redhat2veracode1oraclelinux3fedora3prion1cvelist1centos2nvd1