CVE-2009-0588

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=484828	Patch
http://www.redhat.com/support/errata/RHSA-2009-1065.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/35104
https://bugzilla.redhat.com/show_bug.cgi?id=488706
http://secunia.com/advisories/35242
http://www.securitytracker.com/id?1022278
http://secunia.com/advisories/35263

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:certificate_system:7.3:::::::*
	cpe:2.3:a:redhat:dogtag_certificate_system::::::::

Information

Published : 2009-05-27 09:30

Updated : 2009-06-08 22:32

NVD link : CVE-2009-0588

Mitre link : CVE-2009-0588

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

redhat

certificate_system
dogtag_certificate_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484828", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=484828", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1065.html", "name": "RHSA-2009:1065", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/35104", "name": "35104", "tags": [], "refsource": "BID"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=488706", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=488706", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/35242", "name": "35242", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1022278", "name": "1022278", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/35263", "name": "35263", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0588", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-05-27T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-06-09T05:32Z"}