CVE-2007-4994

Published Nov 6, 2007

Last updated 14 years ago

Overview

Description: Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "575AE74C-7079-49EE-BCFF-39406C4FD011"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References