PT-2012-4666 · Red Hat · Dogtag Certificate System+1

Tomas Hoger · Published 2012-08-13 · Updated 2017-08-29 · CVE-2012-3367

CVSS v2.0: 5.5 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Red Hat Certificate System (RHCS) versions prior to 8.1.1
Dogtag Certificate System (affected versions not specified)

Description

The issue concerns improper checking of certificate revocation requests made through the web interface. This allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

Recommendations

For Red Hat Certificate System (RHCS) versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue. For Dogtag Certificate System, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2012-3367
RHSA-2012:1103

Affected Products

Dogtag Certificate System
Red Hat Certificate System