CVE-2007-4994

high

Description

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

References

https://rhn.redhat.com/errata/RHSA-2008-0566.html

http://www.vupen.com/english/advisories/2007/3406

http://www.vupen.com/english/advisories/2007/3405

http://www.securitytracker.com/id?1020532

http://www.securityfocus.com/bid/26377

http://www.redhat.com/support/errata/RHSA-2007-0934.html

http://secunia.com/advisories/27557

http://osvdb.org/40440

Details

Source: Mitre, NVD

Published: 2007-11-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00358