CVE-2007-4994

Sažetak

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

Reference

http://osvdb.org/40440
http://secunia.com/advisories/27557
http://www.redhat.com/support/errata/RHSA-2007-0934.html
http://www.securityfocus.com/bid/26377
http://www.securitytracker.com/id?1020532
http://www.vupen.com/english/advisories/2007/3405
http://www.vupen.com/english/advisories/2007/3406
https://rhn.redhat.com/errata/RHSA-2008-0566.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2011 - 02:59

Objavljeno

06-11-2007 - 21:46