Vulnerability Details : CVE-2017-7509
An input validation error was found in Red Hat Certificate System's handling of client-provided certificates before 8.1.20-1. If the certreq field is not present in a certificate, an assertion error is triggered, causing a denial of service.
Vulnerability category: Input validation; Denial of service
Products affected by CVE-2017-7509
- cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7509
0.18% (probability of exploitation activity in the next 30 days)
EPSS Score History (chart not included)
~54% percentile (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2017-7509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
3.5 | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L | 2.1 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2017-7509
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2017-7509
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509
  1456030 – (CVE-2017-7509) CVE-2017-7509 certificate system 8: Enrolling certificate without certreq field causes CA to crash (Issue Tracking; Vendor Advisory)
- http://www.securitytracker.com/id/1039248
  Red Hat Certificate Server Input Validation Flaw in certreq Field Lets Remote Authenticated Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:2560
  RHSA-2017:2560 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)