CVE-2017-7509

3.5LOW

Key Information:

Vendor: Red Hat
Status: Certificate System
Vendor: CVE Published:; 26 July 2018

Summary

An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.

Affected Version(s)

Certificate System pki-common-8.1.20-1

References

https://access.redhat.com/errata/RHSA-2017:2560

vendor-advisoryx_refsource_REDHAT

http://www.securitytracker.com/id/1039248

vdb-entryx_refsource_SECTRACK

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Apr 5, 2017