Lucene search

[email protected]NVD:CVE-2012-3367

HistoryAug 13, 2012 - 8:55 p.m.

CVE-2012-3367

2012-08-1320:55:08

CWE-310

[email protected]

web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

Affected configurations

NVD

Node

redhatcertificate_systemRange≤8.1

redhatcertificate_systemMatch7.1

redhatcertificate_systemMatch7.2

redhatcertificate_systemMatch7.3

redhatcertificate_systemMatch8

redhatcertificate_systemMatch8.0

redhatdogtag_certificate_system

References

osvdb.org/84098

rhn.redhat.com/errata/RHSA-2012-1103.html

secunia.com/advisories/50013

www.securityfocus.com/bid/54608

www.securitytracker.com/id?1027284

bugzilla.redhat.com/show_bug.cgi?id=836268

exchange.xforce.ibmcloud.com/vulnerabilities/77102

fedorahosted.org/pki/changeset/2430

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for NVD:CVE-2012-3367

cve1 prion1 cvelist1 redhat1 nessus1 veracode1