1. CVE-Search
  2. CVE-2007-4994
ID CVE-2007-4994
Summary Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-03-2011 - 02:59)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2007:0934
  • rhsa
    id RHSA-2008:0566
rpms
  • rhpki-ca-0:7.2.0-4
  • rhpki-common-0:7.2.0-8
  • rhpki-util-0:7.2.0-4
  • rhpki-ca-0:7.3.0-11.el4
  • rhpki-common-0:7.3.0-34.el4
  • rhpki-util-0:7.3.0-18.el4
refmap via4
bid 26377
osvdb 40440
sectrack 1020532
secunia 27557
vupen
  • ADV-2007-3405
  • ADV-2007-3406
Last major update 08-03-2011 - 02:59
Published 06-11-2007 - 21:46
Last modified 08-03-2011 - 02:59
Back to Top