CVE-2012-4546 — Redhat Enterprise Linux vulnerability

CWE-165 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux

Timeline

PublishedApr 3

Latest updateMay 14

Description

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages0 packages

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-f7qj-88hv-799m: The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not pro↗2022-05-14

▶

📋Vendor Advisories

Red Hat

ipa: servers do not publish correct CRLs↗2012-09-04

▶

💬Community

Bugzilla

CVE-2013-0199 CVE-2012-4546 freeipa various flaws [fedora-all]↗2013-01-23

▶

Bugzilla

CVE-2012-4546 ipa: servers do not publish correct CRLs↗2012-10-25

▶