CVE-2012-3367

high

Description

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System do not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77102

https://bugzilla.redhat.com/show_bug.cgi?id=836268

http://www.securitytracker.com/id?1027284

http://www.securityfocus.com/bid/54608

http://secunia.com/advisories/50013

http://rhn.redhat.com/errata/RHSA-2012-1103.html

http://osvdb.org/84098

Details

Source: Mitre, NVD

Published: 2012-08-13

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High