Описание
ELSA-2024-4165: pki-core security update (IMPORTANT)
[11.5.0-2.0.1]
- Replaced upstream graphical references [Orabug: 33952704]
[11.5.0-2]
- RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
idm-pki-acme
11.5.0-2.0.1.el9_4
idm-pki-base
11.5.0-2.0.1.el9_4
idm-pki-ca
11.5.0-2.0.1.el9_4
idm-pki-est
11.5.0-2.0.1.el9_4
idm-pki-java
11.5.0-2.0.1.el9_4
idm-pki-kra
11.5.0-2.0.1.el9_4
idm-pki-server
11.5.0-2.0.1.el9_4
idm-pki-tools
11.5.0-2.0.1.el9_4
python3-idm-pki
11.5.0-2.0.1.el9_4
Oracle Linux x86_64
idm-pki-acme
11.5.0-2.0.1.el9_4
idm-pki-base
11.5.0-2.0.1.el9_4
idm-pki-ca
11.5.0-2.0.1.el9_4
idm-pki-est
11.5.0-2.0.1.el9_4
idm-pki-java
11.5.0-2.0.1.el9_4
idm-pki-kra
11.5.0-2.0.1.el9_4
idm-pki-server
11.5.0-2.0.1.el9_4
idm-pki-tools
11.5.0-2.0.1.el9_4
python3-idm-pki
11.5.0-2.0.1.el9_4
Связанные CVE
Связанные уязвимости
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
A flaw was found in dogtag-pki and pki-core. The token authentication ...
