CVE-2012-3367 : Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System doe

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

Published 2012-08-13 20:55:08

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-3367

Redhat » Certificate System
Versions up to, including, (<=) 8.1
cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:*
Matching versions
Redhat » Certificate System » Version: 7.1
cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Certificate System » Version: 7.2
cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Certificate System » Version: 7.3
cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Certificate System » Version: 8
cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:*
Matching versions
Redhat » Certificate System » Version: 8.0
cpe:2.3:a:redhat:certificate_system:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Dogtag Certificate System
cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-3367

EPSS FAQ

0.40%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 58 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:P	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-3367

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3367

http://www.securityfocus.com/bid/54608

Red Hat Certificate System Multiple Cross Site Scripting and Security Bypass Vulnerabilities

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1103.html

RHSA-2012:1103 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=836268

836268 – (CVE-2012-3367) CVE-2012-3367 Certificate System: CA certificate can be revoked
http://www.securitytracker.com/id?1027284

Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks - SecurityTracker

CVEs referencing this url
https://fedorahosted.org/pki/changeset/2430

Overview - dogtagpki - Pagure.io
Exploit;Patch
http://osvdb.org/84098
https://exchange.xforce.ibmcloud.com/vulnerabilities/77102

Red Hat Certificate System Certificate Manager security bypass CVE-2012-3367 Vulnerability Report
http://secunia.com/advisories/50013

Sign in
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-3367

Products affected by CVE-2012-3367

Exploit prediction scoring system (EPSS) score for CVE-2012-3367

CVSS scores for CVE-2012-3367

CWE ids for CVE-2012-3367

References for CVE-2012-3367