Lucene search

MitreCVE-2017-6594

HistoryAug 28, 2017 - 7:29 p.m.

CVE-2017-6594

2017-08-2819:29:01

CWE-295

mitre

web.nvd.nist.gov

heimdal

transit path validation

cve-2017-6594

capath policy protection

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

53.1%

JSON

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Affected configurations

Nvd

Node

heimdal_projectheimdalRange≤7.2.0

Node

opensuseleapMatch42.2

opensuseleapMatch42.3

VendorProductVersionCPE
heimdal_projectheimdal*cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
opensuseleap42.2cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
opensuseleap42.3cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
heimdal_project	heimdal	*	cpe:2.3:a:heimdal_project:heimdal::::::::
opensuse	leap	42.2	cpe:2.3:o:opensuse:leap:42.2:::::::*
opensuse	leap	42.3	cpe:2.3:o:opensuse:leap:42.3:::::::*