CVE-2012-3367

CWE-3105 documents5 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 39.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Certificate System
Timeline
PublishedAug 13
Latest updateMay 17

Description

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

Patches

Patch: fedorahosted.org โ†—Patch: fedorahosted.org โ†—

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-jh3f-4cfw-pgf7: Red Hat Certificate System (RHCS) before 8โ†—2022-05-17
โ–ถ
CVEList
CVE-2012-3367: Red Hat Certificate System (RHCS) before 8โ†—2012-08-13
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
System: CA certificate can be revokedโ†—2012-07-19
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2012-3367 Certificate System: CA certificate can be revokedโ†—2012-06-28
โ–ถ
CVE-2012-3367 (MEDIUM CVSS 5.5) | Red Hat Certificate System (RHCS) b | cvebase.io