CVE-2007-4994

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2007-0934.html
http://www.securityfocus.com/bid/26377
http://secunia.com/advisories/27557
https://rhn.redhat.com/errata/RHSA-2008-0566.html
http://www.securitytracker.com/id?1020532
http://osvdb.org/40440
http://www.vupen.com/english/advisories/2007/3405
http://www.vupen.com/english/advisories/2007/3406

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*

Information

Published : 2007-11-06 13:46

Updated : 2011-03-07 18:59

NVD link : CVE-2007-4994

Mitre link : CVE-2007-4994

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

redhat

certificate_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html", "name": "RHSA-2007:0934", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/26377", "name": "26377", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/27557", "name": "27557", "tags": [], "refsource": "SECUNIA"}, {"url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html", "name": "RHSA-2008:0566", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id?1020532", "name": "1020532", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/40440", "name": "40440", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/3405", "name": "ADV-2007-3405", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/3406", "name": "ADV-2007-3406", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4994", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-11-06T21:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:59Z"}