CVE-2009-0588

agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/35242
http://secunia.com/advisories/35263
http://www.redhat.com/support/errata/RHSA-2009-1065.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/35104
http://www.securitytracker.com/id?1022278
https://bugzilla.redhat.com/show_bug.cgi?id=484828	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=488706

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:certificate_system:7.3:::::::*
	cpe:2.3:a:redhat:dogtag_certificate_system::::::::

History

No history.

Information

Published : 2009-05-27 16:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0588

Mitre link : CVE-2009-0588

CVE.ORG link : CVE-2009-0588

JSON object : View

Products Affected

redhat

certificate_system
dogtag_certificate_system

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-0588", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-27T16:30:01.670", "references": [{"url": "http://secunia.com/advisories/35242", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35263", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1065.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/35104", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1022278", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=484828", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=488706", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field."}, {"lang": "es", "value": "agent/request/op.cgi en el componente Registration Authority (RA) en Red Hat Certificate System (RHCS) 7.3 y Dogtag Certificate System permiten a atacantes remotos autenticados aprobar peticiones de certificado en cola para grupos de agentes de su elecci\u00f3n mediante una petici\u00f3n de campo ID modificada."}], "lastModified": "2009-06-09T05:32:40.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293"}, {"criteria": "cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06D606EF-447B-42C5-ADBE-14515257262B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}