| |
Vulnerability CVE-2012-4546
Published: 2013-04-02 Modified: 2013-04-03
| Description: |
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate. |
Type:
CWE-16 (Configuration)
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://rhn.redhat.com/errata/RHSA-2013-0528.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
