CVE-2015-5284

Опубликовано: 08 окт. 2015

Источник: redhat

CVSS2: 5.5

EPSS Низкий

Описание

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.

Отчет

This issue did not affect the versions of ipa as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include the affected KRA subsystem.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	ipa	Not affected
Red Hat Enterprise Linux 7	ipa	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=1264790ipa: ipa-kra-install includes certificate and private key in world readable file

EPSS

Процентиль: 53%

0.00297

Низкий

5.5 Medium

CVSS2

Связанные уязвимости

CVE-2015-5284

CVSS3: 9.8

ubuntu

больше 8 лет назад

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.

CVE-2015-5284

CVSS3: 9.8

nvd

больше 8 лет назад

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.

CVE-2015-5284

CVSS3: 9.8

debian

больше 8 лет назад

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate ...

GHSA-2vgj-j756-9gpx

CVSS3: 9.8

github

больше 3 лет назад

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.

EPSS

Процентиль: 53%

0.00297

Низкий

5.5 Medium

CVSS2