CVE-2007-4594 — MEDIUM (6.4)

Vulnerability Description

Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Entrust	Entelligence Security Provider	8

Related Weaknesses (CWE)

CWE-255

References

http://secunia.com/advisories/26630PatchVendor Advisory
http://www.securityfocus.com/bid/25471Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/36331
http://secunia.com/advisories/26630PatchVendor Advisory
http://www.securityfocus.com/bid/25471Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/36331

FAQ

What is CVE-2007-4594?

CVE-2007-4594 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or a...

How severe is CVE-2007-4594?

CVE-2007-4594 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4594?

Check the references section above for vendor advisories and patch information. Affected products include: Entrust Entelligence Security Provider.