CVE-2017-2590
8.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | ipa | 4.4 | affected |
Weaknesses
- CWE-732: CWE-732
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/96557
- http://rhn.redhat.com/errata/RHSA-2017-0388.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590
References
- http://www.securityfocus.com/bid/96557
- http://rhn.redhat.com/errata/RHSA-2017-0388.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.