CVE-2012-4543

Name of the Vulnerable Software and Affected Versions Red Hat Certificate System versions prior to 8.1.3

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the pageStart or pageSize to the "displayCRL" script, or the nonce variable to the "profileProcess" script.

Recommendations For versions prior to 8.1.3, update to version 8.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "displayCRL" and "profileProcess" scripts until a patch is available. Avoid using the pageStart and pageSize parameters in the "displayCRL" script and the nonce variable in the "profileProcess" script until the issue is resolved.