RSS   Vulnerabilities for 'Certificate management system'   RSS

2008-07-07
 
CVE-2008-1676

CWE-255
 

 
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.

 

 >>> Vendor: Netscape 21 Products
Messaging server
Certificate server
Collabra server
Directory server
Enterprise server
Fasttrack server
Proxy server
Communicator
News server
Commerce server
Communications server
Navigator
Professional services ftpserver
Netscape messaging server multiplexor
Iplanet ical
Publishingxpert
Smartdownload
Messanger
Personalization engine
Portable runtime api
Certificate management system


Copyright 2024, cxsecurity.com

 

Back to Top