Vulnerability Description
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Certificate Server | 7.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/40440
- http://secunia.com/advisories/27557
- http://www.redhat.com/support/errata/RHSA-2007-0934.html
- http://www.securityfocus.com/bid/26377
- http://www.securitytracker.com/id?1020532
- http://www.vupen.com/english/advisories/2007/3405
- http://www.vupen.com/english/advisories/2007/3406
- https://rhn.redhat.com/errata/RHSA-2008-0566.html
- http://osvdb.org/40440
- http://secunia.com/advisories/27557
- http://www.redhat.com/support/errata/RHSA-2007-0934.html
- http://www.securityfocus.com/bid/26377
- http://www.securitytracker.com/id?1020532
- http://www.vupen.com/english/advisories/2007/3405
- http://www.vupen.com/english/advisories/2007/3406
FAQ
What is CVE-2007-4994?
CVE-2007-4994 is a vulnerability with a CVSS score of 7.5 (HIGH). Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certai...
How severe is CVE-2007-4994?
CVE-2007-4994 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4994?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Certificate Server.