CVE-2007-4994

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/40440
http://secunia.com/advisories/27557
http://www.redhat.com/support/errata/RHSA-2007-0934.html
http://www.securityfocus.com/bid/26377
http://www.securitytracker.com/id?1020532
http://www.vupen.com/english/advisories/2007/3405
http://www.vupen.com/english/advisories/2007/3406
https://rhn.redhat.com/errata/RHSA-2008-0566.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-11-06 21:46

Updated : 2024-02-28 11:01

NVD link : CVE-2007-4994

Mitre link : CVE-2007-4994

CVE.ORG link : CVE-2007-4994

JSON object : View

Products Affected

redhat

certificate_server

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2007-4994", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-11-06T21:46:00.000", "references": [{"url": "http://osvdb.org/40440", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27557", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/26377", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1020532", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/3405", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/3406", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL."}, {"lang": "es", "value": "Certificate Server 7.2 en Red Hat Certificate System (RHCS) no maneja de forma adecuada nuevas revocaciones que ocurren mientras un ertificate Revocation List (CRL) est\u00e9 siendo generado, lo cual permite prevenir ciertas revocaciones de certificados desde la aparici\u00f3n del un CRL rapidamente y permitir a usuarios con certificados revocados evitar el CRL previsto."}], "lastModified": "2011-03-08T02:59:53.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "575AE74C-7079-49EE-BCFF-39406C4FD011"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}