Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-14823

Опубликовано: 14 окт. 2019
Источник: debian

Описание

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jssfixed4.6.2-1package
jssnot-affectedbusterpackage
jssnot-affectedstretchpackage
jssnot-affectedjessiepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1747435

  • https://github.com/dogtagpki/jss/pull/284

  • https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4

Связанные уязвимости

ubuntu логотип

CVE-2019-14823

CVSS3: 7.4
ubuntu
больше 6 лет назад

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

redhat логотип

CVE-2019-14823

CVSS3: 6.8
redhat
больше 6 лет назад

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

nvd логотип

CVE-2019-14823

CVSS3: 7.4
nvd
больше 6 лет назад

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

github логотип

GHSA-45q2-f3rm-5r6v

CVSS3: 7.4
github
больше 3 лет назад

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

oracle-oval логотип

ELSA-2019-3067

oracle-oval
больше 6 лет назад

ELSA-2019-3067: jss security update (IMPORTANT)