Vulnerabilites related to netscape - certificate_management_system
CVE-2008-1676 (GCVE-0-2008-1676)
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30062"
},
{
"name": "rhcs-rhpkicommon-csr-security-bypass(43573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
},
{
"name": "RHSA-2008:0500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
},
{
"name": "1020427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020427"
},
{
"name": "RHSA-2008:0577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
},
{
"name": "30929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30929"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "30062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30062"
},
{
"name": "rhcs-rhpkicommon-csr-security-bypass(43573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
},
{
"name": "RHSA-2008:0500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
},
{
"name": "1020427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020427"
},
{
"name": "RHSA-2008:0577",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
},
{
"name": "30929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30929"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1676",
"datePublished": "2008-07-07T23:00:00",
"dateReserved": "2008-04-03T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | certificate_system | 7.1 | |
| redhat | certificate_system | 7.2 | |
| redhat | certificate_system | 7.3 | |
| netscape | certificate_management_system | * | |
| netscape | certificate_management_system | 6.0 | |
| netscape | certificate_management_system | 6.01 | |
| netscape | certificate_management_system | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A94B7103-11B7-4B1E-AE02-86210F9CCCAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netscape:certificate_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "946E7D94-5FD5-40C2-B67A-14C0D13CDDAB",
"versionEndIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D852DF7-F08A-4EAC-B7BB-D3384CA0B9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD96E83-2151-4AFE-B3B3-E9CCF69D4B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F95B08-2AC6-4452-9BA3-26C80D3FABE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."
},
{
"lang": "es",
"value": "Red Hat PKI Common Framework (rhpki-common) de Red Hat Certificate System (tambi\u00e9n conocido como Certificate Server o RHCS) 7.1 hasta 7.3, y Netscape Certificate Management System 6.x; no reconocen las restricciones de perfil de la Autoridad Certificadora en Extensions, esto puede permitir a atacantes remotos evitar las restricciones pretendidas y realizar ataques de hombre-en-medio (man-in-the-middle) al enviar una Solicitud de Firma de Certificado (certificate signing request (CSR)) y utilizar el certificado resultante."
}
],
"id": "CVE-2008-1676",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-07T23:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30929"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/30062"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1020427"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}