Vulnerability Description
Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Certificate System | <= 8.1 |
| Redhat | Dogtag Certificate System | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/84098
- http://rhn.redhat.com/errata/RHSA-2012-1103.html
- http://secunia.com/advisories/50013Vendor Advisory
- http://www.securityfocus.com/bid/54608
- http://www.securitytracker.com/id?1027284
- https://bugzilla.redhat.com/show_bug.cgi?id=836268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77102
- https://fedorahosted.org/pki/changeset/2430ExploitPatch
- http://osvdb.org/84098
- http://rhn.redhat.com/errata/RHSA-2012-1103.html
- http://secunia.com/advisories/50013Vendor Advisory
- http://www.securityfocus.com/bid/54608
- http://www.securitytracker.com/id?1027284
- https://bugzilla.redhat.com/show_bug.cgi?id=836268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77102
FAQ
What is CVE-2012-3367?
CVE-2012-3367 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with ...
How severe is CVE-2012-3367?
CVE-2012-3367 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3367?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Certificate System, Redhat Dogtag Certificate System.