Vulnerability Details CVE-2012-3367
Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.6%
CVSS Severity
CVSS v2 Score 5.5
References
- http://osvdb.org/84098
- http://rhn.redhat.com/errata/RHSA-2012-1103.html
- http://secunia.com/advisories/50013
- http://www.securityfocus.com/bid/54608
- http://www.securitytracker.com/id?1027284
- https://bugzilla.redhat.com/show_bug.cgi?id=836268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77102
- https://fedorahosted.org/pki/changeset/2430
- http://osvdb.org/84098
- http://rhn.redhat.com/errata/RHSA-2012-1103.html
- http://secunia.com/advisories/50013
- http://www.securityfocus.com/bid/54608
- http://www.securitytracker.com/id?1027284
- https://bugzilla.redhat.com/show_bug.cgi?id=836268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77102
- https://fedorahosted.org/pki/changeset/2430
Products affected by CVE-2012-3367
-
cpe:2.3:a:redhat:certificate_system:-
-
cpe:2.3:a:redhat:certificate_system:7.1
-
cpe:2.3:a:redhat:certificate_system:7.2
-
cpe:2.3:a:redhat:certificate_system:7.3
-
cpe:2.3:a:redhat:certificate_system:8
-
cpe:2.3:a:redhat:certificate_system:8.0
-
cpe:2.3:a:redhat:certificate_system:8.1
-
cpe:2.3:a:redhat:dogtag_certificate_system:-
-
cpe:2.3:a:redhat:dogtag_certificate_system:10.0
-
cpe:2.3:a:redhat:dogtag_certificate_system:9.0