PT-2013-1688 · Apache+1 · Apache Httpd+1

Patrick Raspante

Publicado

2013-01-04

Atualizado

2013-01-15

CVE-2012-4556

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Red Hat Certificate System versions prior to 8.1.3

Description The issue affects the token processing system in Red Hat Certificate System, allowing remote attackers to cause a denial of service. This is achieved by sending certain unspecified empty search fields in a user certificate search query, which can lead to the restart of the Apache httpd web server child process.

Recommendations For versions prior to 8.1.3, update to version 8.1.3 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-4556

RHSA-2012:1550

Produtos afetados

Apache Httpd

Red Hat Certificate System

PT-2013-1688 · Apache+1 · Apache Httpd+1

CVE-2012-4556

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6