Vulnerability CVE-2008-1676


Published: 2008-07-07   Modified: 2012-02-12

Description:
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.

Type: CWE-255 (Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software
Netscape -> Certificate management system 

 References:
http://rhn.redhat.com/errata/RHSA-2008-0500.html
http://rhn.redhat.com/errata/RHSA-2008-0577.html
http://www.securityfocus.com/bid/30062
http://www.securitytracker.com/id?1020427
https://bugzilla.redhat.com/show_bug.cgi?id=445227
https://exchange.xforce.ibmcloud.com/vulnerabilities/43573

Copyright 2020, cxsecurity.com

 
