Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-2590

Опубликовано: 27 июл. 2018
Источник: nvd
CVSS3: 8.1
CVSS2: 5.5
EPSS Низкий

Описание

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
Версия до 4.4.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00177
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-732
CWE-275

Связанные уязвимости

ubuntu логотип

CVE-2017-2590

CVSS3: 8.1
ubuntu
больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

redhat логотип

CVE-2017-2590

CVSS3: 8.1
redhat
почти 9 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

debian логотип

CVE-2017-2590

CVSS3: 8.1
debian
больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...

github логотип

GHSA-7gp5-3wrx-x8j6

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

oracle-oval логотип

ELSA-2017-0388

oracle-oval
почти 9 лет назад

ELSA-2017-0388: ipa security and bug fix update (MODERATE)

EPSS

Процентиль: 39%
0.00177
Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-732
CWE-275