Lucene search

K

Redhat.comRH:CVE-2016-5404

HistoryAug 18, 2016 - 9:04 p.m.

CVE-2016-5404

2016-08-1821:04:13

redhat.com

access.redhat.com

11

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the ‘retrieve certificate’ permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.

References

bugzilla.redhat.com/show_bug.cgi?id=1351593

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

Related for RH:CVE-2016-5404

veracode1 nessus9 fedora3 redhat1 openvas8 f51 prion1 oraclelinux1 debiancve1 cve1 centos1 ubuntucve1 ubuntu1 osv1